Security Implications of Permission Models in Smart-Home Application Frameworks

IEEE Software magazine via InfoQ: Analysis of a popular programming framework reveals that many smart-home apps are automatically overprivileged, leaving users at risk for remote attacks that can cause physical, financial, and psychological harm.

Smart-home technology has evolved beyond basic convenience functionality, such as automatically controlled lights and door openers, to provide tangible benefits. For instance, water flow sensors and smart meters facilitate energy efficiency. IP-enabled cameras, motion sensors, and connected door locks offer better control of home security. However, attackers can manipulate smart devices to cause users physical, financial, and psychological harm. For example, burglars can target a connected door lock to plant hidden access codes [1].

Early smart-home systems had steep learning curves and complicated device setup procedures and thus were limited to do-it-yourself enthusiasts. (Many forums exist for people to exchange know-how, such as this one.) Recently, several companies introduced cloud-backed systems that are easier for users to set up and that provide a programming framework for third-party developers to build smart-home apps. Examples of such frameworks are Samsung's SmartThings, Apple's HomeKit, Vera Control's Vera3, Google's Weave/Brillo, and AllSeen Alliance's AllJoyn (including Qualcomm, Microsoft, LG, Cisco, and AT&T).

We consider the security implications of a key component of such smart-home programming frameworks: their permission models. These models limit the risk third-party apps pose to users and their devices. We first survey the permission models of Apple HomeKit, IoTivity, AllJoyn, and SmartThings, then discuss results from a deep-dive analysis of the SmartThings framework [2].
