High-tech devices such as smart TVs, cameras, locks, remotely controlled boilers, lighting and alarm systems are increasingly common in our homes. These “smart objects” are what makes the so-called Internet of Things: a set of devices that are both connected to the internet and manageable easily from our smartphones.
On top of changing everyone’s habits around the globe, the Internet of Things transformed business models across many different industries. The insurance sector, for example, had the chance to create new products, open new distribution channels, and extend its role to include prediction, prevention, and assistance of customers. But even if there are many benefits, the IoT functionality does not take away from potential threats such as privacy and security risks.
In September, Euroconsumers released the results of the ‘Hackable Home’, a project developed with the support of university researchers experienced in cybersecurity aimed at testing the security and reliability of connected home devices across the four European countries of Belgium, Spain, Portugal, and Italy.
During the project, the security and reliability of 16 smart devices of the main brands on the market have been tested (among them: alarm systems, Wi-Fi routers, locks, baby monitors, robot vacuum cleaners, food processors), considering both IT security and privacy policy. The study revealed that security flaws of various kinds in most of the devices we use at home: with 10 of the 16 tested devices affected by a vulnerability labelled to be ‘of high severity or ‘critical’. Moreover, the tests showed that inexpensive devices from unknown brands present an increased risk of serious security issues. On the other hand, also devices from well-known brands can be just as vulnerable.
Focusing on Italy, where the hackable home research project was carried out by Altroconsumo, the most prevalent weaknesses identified were ‘Wi-Fi de-authentication’ – which allows skilled hackers to disconnect the device by turning off the internet -, the possibility of exposing sensitive user data to breaches (due to hardware issues) and insecure factory settings, especially due to the breach of preset passwords.
In this country, according to data from the Observatory of the Politecnico di Milano, the market of smart devices in 2020 was worth 505 million euros: a slight decrease of 5% compared to 2019, certainly due to the consequences of the Covid-19 pandemic. At the top of the list, security tools and smart speakers, followed by home appliances.
No matter what the device is, IoT is becoming more and more common in many different fields – and in all of them we need to have greater reliability. This is why European Commission President Ursula von der Leyen announced a Cyber Resilience Act aimed at setting common cybersecurity standards for connected devices, claiming that “If everything is connected, everything can be hacked”.
This initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, known as the NIS2 Directive. It expands the scope of the previous directive by raising the cyber security requirements for digital services employed in critical sectors of the economy and society.
