DeepSec 2020 Talk: Security of Home Automation Systems – A Status Quo Analysis For Austrian Households – Edith Huber, Albert Treytl
Home Automation System (HAS) are a growing market, which is very diverse ranging from consumer electronics like TVs, mobile phones and gaming consoles via WLAN connected sensors, power plugs or lightbulbs to building automation devices for HVAC systems or access solutions. Beside “classical” network technologies IoT technologies gain increasing spread and importance. This paper presents results of a representative survey analysing the security awareness and perception as well as susceptibility to cybercrime of HAS users in Austria. The aim of this survey is to investigate the spread of the device types, cybercrime attacks and security risks.
These results are compared with technical vulnerabilities of such devices to identify relevant security risks and countermeasures.
Additionally, a concept to protect sensor values directly in the analogue circuit is presented as an outlook to ongoing research.
We asked Edith and Albert a few more questions about their talk.
Please tell us the top facts about your talk.
- The most common HAS are Smart TV, voice assistants and surveillance cameras, but many other applications are on the rise.
- Respondents of the survey say that they always or partly inform themselves actively about the vulnerabilities of their HAS or at least wish to receive appropriate information.
- The involvement of different device types in HAS and their cloud connection broadens the attack surface
- In addition, it will be presented which IT security measures are used in households and what Austrians think about the handling of data from HAS manufacturers.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
Here, the results of a basic research project on the expansion and IT security of HAS are presented for the first time. Our life is full of electronic gadgets, small micro controllers assisting us in our daily live and other electronic devices. Even for HAS attacks are known. Yet we do not know what is out in the field and how users feel about their security.
Why do you think this is an important topic?
In the age of digital transformation and the expansion of Internet-enabled devices in households, the risk of becoming a victim of cybercrime is increasing. Fact-based know-how on usage, cyber security and measures must therefore be developed to reduce these risks.
Is there something you want everybody to know – some good advice for our readers maybe?
Permanent connectivity even of small embedded devices is increasing fast and is starting to affect our lives. We should know how to use them but also how to protect them.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
It can be assumed that cybercriminal activities will increase and the perpetrators will develop new patterns of crime. It is therefore essential to develop new concepts in the field of IT security and to scientifically investigate and understand the typical modus operandi.
Dr. Edith Huber is a senior researcher at the Danube University Krems Her research focuses on Cyber Security, CERTs, Information Security, Communication, Cybercrime, Cyberstalking, New Media, Social Science and Criminology. She has more than 15 years of experience as a security researcher, working in national and international research projects. She is the author of more than 30 peer-reviewed articles and has published numerous books on cybercrime, including the latest book “Einführung Cybercrime”.
Albert Treytl is senior researcher in the area of communication technologies and security. He received his master degree in electrical engineering (focus on computer technology) at the Vienna University of Technology in 2001 with distinction. His research focused on security and communication for resource limited devices in distributed systems.
From 1996 to 2000 he led the development of a bank simulation software for a continuing education network of the Austrian government. End of 2000 he joined the Institute of Computer Technology at the Vienna University of Technology as a research assistant in the area of building control, energy management systems and security. His focus was on security of automation networks such as field busses and wireless ad-hoc networks. The topics of his research projects included web-based interfacing of energy management systems, electronic payment, smart card application development and research, and smart grid security measures.
2006 he joined the Institute for Integrated Sensor System at the Austrian Academy of Sciences, where he is lead the security and vertical integration activities and group. He co-developed an architecture of an agent-based distributed manufacturing execution system including a complete FIPA compliant agent platform hosted on an active RFID supporting full security and continued his work on Smart Grid Security, e.g., in DLC+ VIT4IP (FP7). Additionally, he investigated the security of clock synchronization systems.
Since 2013 he is head of the Center for Distributed Systems and Sensor Networks and deputy head of the Department for Integrated Sensor Systems at the Danube University Krems. His research is dealing with distributed data management and processing in sensor networks and the integration of sensor systems. This comprises securing sensor networks, distributed energy optimization in industrial and office buildings as well as integration of sensors in intelligent traffic systems. Recent research is on digital twins and applications of AI methods for model predictive control strategies.
He is author of more than 50 peer reviewed scientific publications and leader of multiple national and international projects, e.g., REMPLI(FP5), PABADIS PROMISE (FP6) and I3E (SEE).Aside this, he engages himself in various technical committees (IEEE, CEN TC 247 WG4, IEEE1588 standardisation), scientific conferences, and is co-lecturer at the Vienna University of Technology.