
State of Security for Smart Home Devices

Author: Riscure Team

Recently, Riscure analyzed the security of commonly used smart home devices such as WiFi routers, gateways, door locks, and cameras. The results of the analysis reference ETSI TS103.645 specifications to illustrate the current market state in comparison to European recommendations.

Cybersecurity and IoT

IoT end-consumer products with smart functions and network connectivity are more widely adopted than before, which also raises cybersecurity risk. In response, government bodies worldwide are introducing the security levels required for sufficient protection of these products.

Riscure has over 20 years of experience in evaluating the security of these consumer products and in performing independent studies into the state of security in various markets. During the security assessment of smart home devices, Riscure used standard security analysis techniques such as analyzing the internals and acquiring and reverse engineering the firmware. Where possible, the smartphone applications paired with the devices were also analyzed. The results of these security assessments were mapped to ETSI TS103.645 to make it easier to compare the current state of the market with the European recommendations.

ETSI standard

Compared to the development of functionality for the modern connected society, Riscure sees that further development is needed to achieve the required level of security under the ETSI recommendations. This paper describes the research and results in detail, including how vulnerabilities such as runtime control, issues with firmware updates, protocol vulnerabilities, password issues, and insecure communication affect device security, how they rate against the ETSI standard, and what a vendor can do about them.

In this paper, we present groups of issues found in smart home devices. Every issue is mapped to the specific ETSI standard requirement and followed by a recommendation for the developer. Some of these issues relate to:

  • Open debug interface
  • Fresh encryption and authentication
  • Passwords
  • Firmware updates
  • Insecure communication and management

