Security Implications of Permission Models in Smart-Home Application Frameworks

IEEE Software magazine via InfoQ: Analysis of a popular programming framework reveals that many smart-home apps are automatically overprivileged, leaving users at risk for remote attacks that can cause physical, financial, and psychological harm.

Smart-home technology has evolved beyond basic convenience functionality, such as automatically controlled lights and door openers, to provide tangible benefits. For instance, water flow sensors and smart meters facilitate energy efficiency. IP-enabled cameras, motion sensors, and connected door locks offer better control of home security. However, attackers can manipulate smart devices to cause users physical, financial, and psychological harm. For example, burglars can target a connected door lock to plant hidden access codes [1].

Early smart-home systems had steep learning curves and complicated device setup procedures and thus were limited to do-it-yourself enthusiasts. (Many forums exist for people to exchange know-how, such as this one.) Recently, several companies introduced cloud-backed systems that are easier for users to set up and that provide a programming framework for third-party developers to build smart-home apps. Examples of such frameworks are Samsung's SmartThings, Apple's HomeKit, Vera Control's Vera3, Google's Weave/Brillo, and AllSeen Alliance's AllJoyn (including Qualcomm, Microsoft, LG, Cisco, and AT&T).

We consider the security implications of a key component of such smart-home programming frameworks: their permission models. These models limit the risk third-party apps pose to users and their devices. We first survey the permission models of Apple HomeKit, IoTivity, AllJoyn, and SmartThings, then discuss results from a deep-dive analysis of the SmartThings framework [2].
