Is our Home AI and IoT Smart Devices Secure?
Tue, 28 Aug 2018 || By Priscila Asoka

Who doesn’t know the phrase “Ok Google” or “Hey Alexa”? These days, we live closely with technologies to improve our lives. Smart devices are made to specifically accommodate our needs and AI-powered home devices are one of the most highlighted applications of the IoT supported by AI. IoT promises to be a solution for smarter homes, offices, and vehicles by giving certain devices the ability to connect, receive, and transfer data to each other.[i] According to Gartner, up to 20.4 billion connected devices will be used worldwide in 2020.[ii] However, concerns are raised about privacy security. In May 2018, a family reported that their Amazon’s home AI recorded family conversations and send it to one of their contact list without consent[iii], alarming users of similar devices as well as IoT companies.   

Key questions regarding IoT smart devices’ security will be answered in here. The creation of Internet of Things (IoT), where physical or virtual things are interconnected to provide advanced services for the information society[iv], is the gigantic force behind what we will talk about in this critical questions.        

 

Q1. What is the significance of home AI and how’s its market growth?

Big tech companies have been pursuing the home AI field by creating smart speakers that sell excellently well in the market. There are Amazon Echo, Apple HomePod, Google Home, Samsung Galaxy Home, Xiaomi Xioa AI, and so much more. These devices have their own strengths and weaknesses compared to each other, but their main use is to provide easy access to music, news, weather, do searches and appointment checks, as well as connect to other smart devices all through voice command.[v] Such capabilities are made possible with the integrated AI software powering them - in this case, they are Amazon Alexa, Apple Siri, Google Assistant, and Samsung Bixby as the helpful ‘personality’ behind their respective devices.

Users of home AI smart speakers grow in a faster rate compared to other technology products since the smartphone, as it is forecasted to skyrocket by 47.9% in annual growth rate.[vi] The industry that is now dominated by Amazon and Google will see the same two main players in the future as both companies continued to engage in a competitive battle sales. Although Amazon started strong in 2017 as the best-selling smart speaker (80% of the smart speaker market), Google managed to beat Echo’s 2.5 million sales with its 3.2 million sales in early 2018.[vii] Google is believed to have an upper hand thanks to its smartest assistant[viii], but technology advancements may surprise us in the future.               

    

Q2. Why are IoT and home AI’s security important to strive for?

Cybersecurity for the IoT has become an important matter to discuss. Home AI smart devices are capable of collecting its user’s data and learning its user’s preferences. The things we say or do at home are sensitive data and those data kept by IoT devices are vulnerable to possible cyberattacks. So far, too many IoT devices do not possess an adequate security standards. The lack of security measure in its design makes it easy for hackers to access routers, webcams, and other crucial parts of IoT devices. Symantec reported that attacks against IoT devices increase by 600% from 2016 to 2017.[ix]

 Attacks using IoT botnets have happened before and they left damaging impacts. In 2016, a malware called Mirai infected computers, and in result the computers infect vulnerable IoT devices with the malware by using the default usernames and passwords to log in.[x] Senrio, an IoT security firm, have done an elaborate hack to show how attackers can create an attack chain from one vulnerable IoT device to another.[xi] Without a doubt, the security for smart IoT devices including the ones for homes is prominent, as one vulnerable device may lead the other smart devices at risk and wreak havoc.            

 

Q3. What are the existing - and the future possible - cybersecurity regulations for home AI?

To avoid unwanted risks, standardization of IoT devices is a must. Devices made by companies can get certification in order to be ruled according to the standards and be recognized as a trusted device by users. Manufacturers of IoT devices have to properly address their products’ vulnerabilities against cyberattacks. Consumers of IoT devices have to do their own share of responsibility in order to avoid outside threats, including using a third-party security tool and changing default passwords on their devices.[xii]

The United States proposed a new bill to establish IoT devices cybersecurity standards. The bill itself required IoT device, software, and firmware providers to certify compliance with specified controls and regulations regarding security.[xiii] European Union also have paid special attention to the matter by planning to apply pressure on IoT device manufacturers through the EU Cybersecurity Act with similar requirements as the bill proposed by the US.[xiv] Once the majority of the world is set on strict and specific laws for IoT devices, IoT cybersecurity won’t be a red-flagged issue anymore.  

The use of Internet of Things devices in our lives increasingly prevails day by day. Even the seemingly-simple usage of IoT device in homes are at risk of attacks causing data breaches. The government, manufacturers, and consumers all have their own parts to take in order to create a safe environment for everyone to utilize AI smart devices.   


[i] Ismail, N. (2018). The Internet of Things: The security crisis of 2018? [online] Information Age. Available at: https://www.information-age.com/internet-things-security-crisis-123470475/ [Accessed 10 August 2018]

[ii] Gartner. (2017). Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016. [online] Gartner Inc. Available at: https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016 [Accessed 10 August 2018]

[iii] Sumagaysay. (2018). Here’s why Amazon’s Echo recorded a family’s conversation. [online] The Mercury News. Available at: https://www.mercurynews.com/2018/05/25/heres-why-amazon-echo-recorded-a-familys- conversation/ [Accessed 25 August 2018]

[iv] Internet Telecommunication Union. (2012). Internet of Things Global Standards Initiative. [online] ITU. Available at: https://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx [Accessed 10 August 2018]

[v] Bell, D. (2018). 5 great AI-powered home devices that will improve your life today. [online] T3. Available at: https://www.t3.com/features/5-great-ai-powered-home-devices-that-will-improve-your-life-today

[vi] Koetsier, J. (2018). Smart Speaker Users Growing 48% Annually, To Hit 90M In USA This Year. [online]. Forbes. Available at: https://www.forbes.com/sites/johnkoetsier/2018/05/29/smart-speaker-users-growing-48-annually-will-outnumber-wearable-tech-users-this-year/#27767f15ddec [Accessed 10 August 2018]

[vii] Koetsier, J.

[viii] Koetsier, J. (2018). AI Assistants Ranked, Google’s Smartest, Alexa’s Catching Up, Cortana Surprises, Siri Falls Behind. [online] Forbes. Available at: https://www.forbes.com/sites/johnkoetsier/2018/04/24/ai-assistants-ranked-googles-smartest-alexas-catching-up-cortana-surprises-siri-falls-behind/#f8e2dc492aaf [Accessed 10 August 2018]

[ix] Symantec. (2018). Internet Security Threat Report, Volume 23. Available at: https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf [Accessed 25 August 2018]

[x] IoT For All. (2017). The 5 Worst Examples of IoT Hacking and Vulnerabilities in Recorded History. [online]. Available at: https://www.iotforall.com/5-worst-iot-hacking-vulnerabilities/ [Acessd 10 August 2018]

[xi] Newman, L. H. (2018). An Elaborate Hack Shows How Much Damage IoT Bugs Can Do. [online] Wired.com. Available at: https://www.wired.com/story/elaborate-hack-shows-damage-iot-bugs-can-do/ [Accessed 10 August 2018]

[xii] Ismail, N. (2018). The Internet of Things: The security crisis of 2018? [online] Information Age. Available at: https://www.information-age.com/internet-things-security-crisis-123470475/ [Accessed 10 August 2018]

[xiii] Meade, C. (2017). A Summary of the Recently Introduced “Internet of Things (IoT) Cybersecurity Improvement Act of 2017”. [online] Inside Privacy. Available at: https://www.insideprivacy.com/data-security/cybersecurity/a-summary-of-the-recently-introduced-internet-of-things-iot-cybersecurity-improvement-act-of-2017/ [Accessed 10 August 2018].

[xiv] Eustice, J. C. (2018). How the EU cybersecurity act could set standards that impact legal liability and cross-border data flows. [online] IT Pro Portal. Available at: https://www.itproportal.com/features/how-the-eu-cybersecurity-act-could-set-standards-that-impact-legal-liability-and-cross-border-data-flows/ [Accessed 10 August 2018].

Editor: Atin Prabandari, MA, Nabeel Khawarizmy Muna, S.IP., Treviliana Eka Putri, MIntSec