
What a security expert thought of a few new smart-home devices at CES 2018


To judge from the cornucopia of connected household devices on display at CES 2018, there is no product that manufacturers deem unworthy of being graced with a processor, a cloud service, and a companion app.

My first stop was at the Sleepace exhibit. This Shenzhen, China-based firm aims to optimize your shut-eye by tracking both your sleep patterns and your nighttime environment with various sensors that include a “smart mattress” pad.

“The challenge with embedded systems, as we saw with the Mirai attacks, is that we have all this computational power that can be misused,” said Bort, who spoke on a CES 2018 panel about security.

But when we asked what sort of security testing Sleepace ran, sales manager Emily He said, “That is a good question.”

Our next visit on the floor of the Las Vegas Convention Center was a corner booth for Vivint. The Provo, Utah smart-home firm’s exhibit featured an upcoming, free app called Streety that lets neighbors share video from their security cameras.

The idea here is to enable the same kind of information sharing that already happens on neighborhood mailing lists — if a package vanishes from your front porch, you would use Streety to see if any neighbors’ cameras caught the thief.

We got some detail about the workings of the app, such as its encryption of shared video streams to prevent snooping. But the Streety developers we talked to couldn’t answer more in-depth queries, like whether the company’s self-professed adoption of industry best practices extended to things like hiring “red-team” hackers to break into its app.

“We got the security brush-off again,” summed up Bort. The most common reason this happens at marketing-oriented events like CES: The people who do know the answers don’t attend the event. “They don’t bring the security team.”

(Hopefully, the security team actually exists.)

But ShadeCraft Chief Operating Officer Sarahgrace Kelly couldn’t provide any details on the company’s approach to security beyond noting that its cloud services run on Xively, an IoT-optimized platform run by LogMeIn (LOGM).

We wrapped up this IoT tour with a visit to Kohler’s exhibit and the assortment of connected bathroom hardware that included a smart toilet, the $7,500 Numi.

Setting aside the real-world utility of a toilet with a touchscreen remote, this thing appears well secured out of the box simply because it doesn’t connect to the internet. Without that, its “attack surface” — the components that could in theory be attacked remotely — is limited to the Bluetooth connection used to stream music from nearby devices.

“Microsoft, Google, Amazon, those folks are really good at what they do,” he said. But the security of an app on those cloud services depends on choices made by the company running an app — and the recent rash of databases getting left open on cloud storage platforms provides more than enough evidence that their choices aren’t always smart.

