Parks Report Urges Home Security Industry to Step Up Encryption Efforts
Almost two-thirds of home security system owners believe wireless signals from their system are encrypted, though the practice isn't industry-standard, said a Wednesday Parks Associates report, sponsored by Qolsys. The same report said 64 percent of U.S. broadband households are concerned about security and privacy when using their connected devices.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
"Many security owners would be surprised to discover the reality falls shorts of their expectations regarding the security of their home security system," said analyst Tom Kerber. Cybersecurity threats toward connected products and home security systems are spiking and require “constant vigilance,” said Kerber, saying emerging tools are helping dealers understand evolving threats from cybersecurity attacks and to “choose the right partners to address vulnerabilities” and respond to them.
Security systems still operate using a one-way, unencrypted signaling protocol developed in the 1980s: Every time a door sensor is activated or a key fob disarms the system, the unencrypted communication is vulnerable to a replay attack, said the research firm. In a replay attack, someone records the wireless communication signals and later plays the signals back using signal interception technology that has become affordable and easily accessible on the internet, it said. “When one of these devices replays a sensor’s signal, the security system will respond as if the signals came from the actual sensor in the home.”
Consumers and security dealers expect that security systems are secure, yet many systems installed today have known vulnerabilities, said the report. Security installations increasingly include smart home devices, a prime target of cyberattacks. Parks’ data says U.S. security dealers estimated 75 percent of their system sales include at least one smart home device.
The cost of allowing customers to remain vulnerable to potential cyberattacks can be "tremendously high even if the systems are not hacked," Parks said, citing a multimillion-dollar lawsuit recently settled by a major security firm of claims its network was secure while its sensor communications weren't encrypted.
Dealers’ role in preventive network security actions include installing network firewalls and passwords as a prevention layer, it said, and they can offer homeowners advice and additional services. ADT recently announced a preventive network service that uses Symantec’s Norton Core network security device, the report noted.
The National Institute of Standards and Technology developed a cybersecurity framework that outlines cybersecurity measures in five areas: identify, protect, detect, respond, and recover (see 1804170042) to “'facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks,'” said Parks. The framework describes voluntary standards, “but it is only a matter of time before mandatory cybersecurity standards are enacted,” Parks said, encouraging the security industry not to wait for regulators to mandate encryption. “While compliance is still voluntary, security dealers have the opportunity to evaluate the risk versus the cost of installing security systems that address cybersecurity threats,” said the report.
As residential security converges with the IoT, it is “critical that end-to-end security and automation solutions are secure," said Dave Pulling, CEO of Qolsys, a Silicon Valley-based security panel company that uses Alarm.com’s two-way services platform, an Android-based operating system and a 7-inch touch panel made by Foxconn. Bridging the gap between legacy protocols, newer technologies and proper security and authentication software “will be critical for the industry to thrive,” said Pulling.