https://tisiphone.net/2019/01/28/security-things-to-consider-when-your-apartment-goes-smart/
By Lesley Carhart
https://twitter.com/hacks4pancakes
January 28, 2019
A couple weeks ago, I vented my frustration as an ICS security professional at
my apartment building forcibly converting to networked smart locks. My tweets
were widely misinterpreted, so I'd like to talk a little bit about privacy and
security aspects to consider if (when) the property you rent from decides to go
"Smart". To be abundantly clear, I'm not opposed to Smart Home systems -- most
of us want to live in Star Trek and these devices are a way to a more
convenient future. However, there are right ways and wrong ways to implement
them, and many substantive privacy and security questions to ask as we move
forward into that future.
What’s Your Threat Model?
Before we go any further -- when we're talking about things that impact
personal safety, it's crucial to think about the specific, realistic threats
that we (or our families) face. In this blog, I'm going to talk about ways that
consumer IoT and Smart Home systems can be abused to cause risk to safety and
privacy. If your number one concern for your safety is a casual criminal
breaking your lock and stealing your TV, and the loss of your activity data
isn't something that substantially impacts or bothers you, you might decide
that a flawed Smart Home system is an acceptable risk (or even a net benefit).
The EFF has a lovely guide on personal threat modeling here. I also enjoyed
Sean Gallagher's article in ArsTechnica. Always that risk to your person or
sensitive data is a combination of threat and vulnerability.
My threat model is not your threat model. I investigate nation state and
criminal hacking for a living, and I’m a social media personality. Understand
your own, and how security and privacy changes will impact it.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
