Study finds smart home tech gaining popularity, yet still insecure
The non-profit prpl Foundation has unveiled its global study on the use of smart devices in a domestic setting entitled, “The prpl Foundation Smart Home Security Report.” The one-of-a-kind study, which was conducted through OnePoll, covers the proliferation of smart device use and security within the home.
It surveyed 1,200 respondents across the US, UK, France, Germany, Italy and Japan to discover the measures people take to secure their smart homes and their attitudes about the security of devices. Some key findings include:
- The smart home isn’t coming; it’s already here and device adoption in certain cases has reached a tipping point
- The smart home is woefully insecure due to users’ failure to follow best practices
- Consumers prefer security to usability, and they’re prepared to take more responsibility if it means living in a safer home
The study also found that geographically speaking, reported adoption of smart devices per household was strongest in the continental European nations of France (5.8 devices), Italy (5) and Germany (4.5), with the UK (2.6) and US (2.4) around the same level as each other. Japan has an average of just one smart device per home.
“Little research has been done on a large enough scale to uncover the level of penetration of smart devices in the home, and more importantly, the security implications,” said Art Swift, President of the prpl Foundation. “What we’ve uncovered is that the smart home is actually mainstream, as 83% confess to having connected devices, not including laptops, computers and smartphones, in use in their homes. Game consoles, wireless printers and smart TVs were the most popular and yet security concerns have been raised about all three over recent years.
“Once it was established how pervasive smart technology in the home is, we also wanted to find out whether consumers are aware of the risks of the connected home and if homeowners would ultimately take responsibility for securing this new cyber domain, just as they would their physical front doors,” Swift continued.
The equivalent to the front door in the case of the cyber world is the home router. It is the conduit through which all domestic internet traffic passes. But while homeowners traditionally lock their physical front doors, the prpl Foundation study found that many are failing to secure their smart home by securing their routers. Failure to patch vendor updates could open critical vulnerabilities which hackers can take advantage of to eavesdrop on traffic and hijack smart devices.
The prpl Foundation Smart Home Security Report main findings are:
- Over half of respondents (57%) said they updated the router firmware “at least once a year.” But shockingly, 20% of respondents have never done so, and 23% didn’t even know it was possible.
- Firewall ports should never be opened, yet users often think they need to be open in order for their internet-connected home services to work. An extraordinary 93% of consumers regularly leave one or more ports open on their router firewall.
- Nearly half of respondents (46%) have never configured their router security settings.
The final noteworthy findings from the study come from consumer attitudes towards security and how open they are to trading off usability and minor inconvenience for a more secure device. While consumer electronics makers have often acted on the basis that security interferes with usability – that it’s commercially imprudent to release more secure devices or systems which are slightly less user friendly, the prpl study shows that an overwhelming number of consumers would favour security over ease-of-use.
Two key findings in this area include:
- Users are prepared to take more responsibility for security. Some 60% of respondents said they think the home user should take ownership of securing their connected devices, versus the manufacturer (20%) or service provider (20%).
- Over 40% of respondents would generally prefer to pay more for more secure devices.
“As is the case with so many things in life, what users say they would do and what they actually do fail to align, and this has to be down in large part to education,” said Cesare Garlati, Chief Security Strategist for the prpl Foundation. “However, it is heartening to see consumer attitudes shifting somewhat and this is something the IoT industry in general would do well to take note of.”
To help with this education, the prpl Foundation has put together its top tips for better smart home security:
- Regularly check for router firmware updates
- Change default password on router
- Configure firewall policies
- Enable MAC filtering
- Use guest network for guest devices
- Use guest network for home devices
- Disable UPnP
- Close all ports on your firewall