Security by Design – How secure is your kettle?

In the internet of things has many advantages –there is a vast number of devices that can control various aspects of households without direct human intervention. For example, automatically watering plants or heating homes. The devices can also be remotely configured through a centralised app or device, for example turning on kettles just as users get back from work or locking a door remotely as they leave. Apart from the obvious convenience of doing this, the other huge advantage is for individuals with physical disabilities. Individuals with impaired sight can use voice activated virtual assistants such as Google home or Alexa to control a wide range of devices while individuals with restricted movement can activate locks, turn switches on or off from a distance using their mobiles.

There is an increasing reliance on these devices and fundamentally they have improved, and as the technology develops and device options increase, will continue to improve many peoples’ lives. But, as we’ve mentioned in previous blog posts, users of these smart devices often assume there is a higher level of privacy protection and security in their purchased devices than there is in reality. With the increasing number of interconnected devices being introduced into homes, this begs the key question for users: how secure is your kettle?

Users instinctively trust these devices to be secure and to keep their data confidential. However, this cannot be guaranteed – as can been seen by the recent proliferation of articles highlighting how prone to confidentially breaches some of these devices, in particular voice activated virtual assistants, are. The issue is that, while people are familiar with ensuring the physical security of their homes, virtual security is a relatively new concept. It is only recently that people have had to think about ensuring the security of each individual device connected in their home in this way.

Conventional security is simpler. It is engrained in society that to prevent break ins, house owners need to lock their doors and windows. To do this, they purchase locks, which once installed, they no longer need to think about. For extra security, they can install an alarm system, and again, once installed, it does not need to be considered again – the lock itself can be forgotten. These physical devices continue to work without supervision. All users need to do it turn the locks on the door or window and turn on the alarm.

Virtual security, on the other hand, requires constant vigilance. Users of smart devices are significantly less familiar with the concept of locking their kettle, but smart devices and smart homes require continuous monitoring. The fact that all devices are interconnected and hooked up to user’s internet means that any single device can be used to access information held in other parts of the system. As with the concept of privacy by design which is reflected in the EU’s General Data Protection Regulation (GDPR), internet of things devices need to be designed with user’s security in mind. Smart home design requires security by design – devices need to be designed specifically with user’s and the system’s security in mind, not just their privacy.

Since security by design is not yet fully adopted by smart devices designers, users often cannot, or may not know how to, check the security of devices. Instead there is a range of trust decisions being made, from users totally trusting their smart devices to not trusting them at all. It is difficult to gauge where users sit on this scale, whether they assume that their devices are secure because they trust that the developer of the device has their best interests at heart and has taken sufficient measures to keep their, and their home’s, data confidential. Or alternatively, since they are not sure about the security of the device and may not be able to check it, users do not trust the developers, and hence the device, at all. In the latter case, their distrust may even prevent users from purchasing a smart device.

The GHOST system is in a unique position to provide a solution to this. While users cannot guarantee the security of the devices, they can use the GHOST system to continuously monitor and provide feedback on the security status of their devices. It is the virtual equivalent of turning the house alarm on. GHOST will watch the smart devices and let the user know the moment it suspects any device of suspicious activity. Since no security system can ever be 100% secure, GHOST empowers the user with options and opportunities for increased and informed oversight and vigilance.

So, in conclusion, how secure is your kettle? You might not know when you buy it, but using the GHOST system will let you find out.