In Europe, smart homes are now in trend: there has never been such a high demand for smart security systems, controllable lighting devices and air conditioners, as well as for home automation that allows them to be retrofitted. According to statistics portal Statista, residents in Germany alone will spend about 1.3 billion euros on SmartHome systems this year. And thus they will be in third place in the world – right after the USA and China.
The reasons for this boom are manifold: while home automation used to be costly, now more and more manufacturers are entering the market with low-cost private solutions. Many people have an inherent need for security, whether it be protection from burglars, fire, or burst pipes. Now they are offered appropriate products that give them control over their home.
It is impossible to overestimate the comfort factor when there is controlled lighting and heating. In some ways, the state also contributes to such popularity: on the one hand, one of the requirements of credit institutions for new buildings in Germany has become, for example, retrofitting with burglary protection, on the other hand, new laws are being adopted, according to which the installation of smoke detectors becomes mandatory.
Mandatory Cloud and Server – System Vulnerability
No matter how highly people rate smart home systems, there is also a fair amount of skepticism towards products – simply because they are often impossible to use without Internet access and cloud services. And these fears cannot be called unfounded, because there is enough evidence of the vulnerability of smart homes. Security provider Sophos is currently experimenting with a smart home system that is a tempting target for hackers.
The construction process, which could be seen live on CeBIT, very expressively demonstrates that a smart home is scanned by intruders for vulnerabilities in the same way as a home computer or server. And the number of insecure systems is countless: last year, discounter Aldi sold an IP webcam that could be used without setting a password. The consequence of this recklessness is an insecure live streaming directly from your own living room. Although the seller provides an update, it must be installed manually. And the Aldi webcam model is far from the only case that a simple Google search turns up for “unsecured cameras.”
In search of a safe product, users stumble upon hordes of manufacturers using dozens of their own signaling and security standards that no one can truly verify. Added to this is a weak user manual and a manual firmware update mode that creates problems for users who are not savvy enough in technology.
In early March, the Exploitee.rs hacker group exposed two major vulnerabilities in Western Digital’s popular My Cloud NAS: Each of the hackers managed to become a NAS administrator by simply changing session cookies. And the second bug allowed access through a simple manipulation of PHP – at the moment, the manufacturer has closed only vulnerabilities related to cookies.
There are many ways to effectively protect a smart home, which we will tell you about. Of course, the best protection is an independent system that can function without access to the Internet. But the question remains: who will offer this?
Equipment with smoke detectors
With the introduction of the mandatory installation of smoke detectors in a number of European countries, more and more smart fire alarm devices are being installed that connect to the Network or send an alarm via a cloud service directly to a smartphone.
> New smoke detectors must meet the requirements of DIN 14604. These include, for example, a signal level of at least 85 dB(A), a test function and an early warning for battery replacement.
> The price range is from a few hundred rubles for simple devices to 10,000 – 15,000 rubles for models with smart functions and cloud support. If someone fears for access to the cloud, one can use smoke detectors with a radio signal, which are connected via a network only to each other. If there is a fire in the basement, the detector in the bedroom will also go off.
Radio detectors in most cases are sold as a set and cost from 1,500 rubles apiece.
Full functionality without the cloud is rare
We asked the largest manufacturers of smart home equipment systems, what is the functionality of their systems without the Internet and what hardships will have to endure. For example, Philips Hue and Osram Lightify lighting systems can be used without Internet access – however, nothing else was expected from lamp control. True, when setting up the program for the operation of Osram system fixtures, the Internet is still required.
To control the system via a smartphone application, of course, you also need access to the Web. The same applies to Qivicon’s Home Base in relation to their cloud services, such as webcam control. Otherwise, Qivicon devices are managed and configured via WLAN – smart functions are built into the base station. Everything looks absolutely similar with Devolo smart home products.
A manufacturer like Innogy is trying to give users as much independence as possible. After completing the smart home settings, the base station can do without an Internet connection for the rest of the time. In addition to security and air conditioning systems, Innogy also provides smart roller shutters, almost completely providing the user with smart home equipment.
Arguably the largest home automation product range available from HomeMatic, it can also operate autonomously without Internet access. The same goes for the Eqiva systems, which, like HomeMatic, came out of the eQ-3. In the case of HomeMatic IP, which is a pure cloud solution, as the name implies, it is impossible to do without the Network.
Brand new to the European market is Nest, a former division of Google, with its smoke detectors and indoor and outdoor cameras. If you refuse remote access, then the smoke detectors and thermostat work even without an Internet connection. However, updates here are installed only through the cloud. And both Nest cameras require access to the cloud service at all times.
Recently, Medion has also entered the ranks of smart home solution providers and offers quite a wide range of options with motion and smoke detectors, an IP camera, switched sockets and LED lamps. Here, the control center is also built into the base station and, in principle, dispenses with the Network. True, if two active elements are connected to each other, for example, a motion sensor and a camera, then you still cannot do without a cloud service.
Smart home products from the company that used to be a division of Google are now available in Europe – at least the Protect smoke detector with indoor and outdoor cameras. The Nest thermostat will be on sale soon.
> Premium devices from Nest can be used without being tied to the cloud if you do not plan to install remote access.
> The smoke detector detects carbon monoxide. When emitting smoke, he first gives the residents a speech warning, and only then the siren goes off. Prices are about 8,000 rubles for a sensor and 14,000 rubles for cameras.
Cloud services as an argument for economic feasibility
Nothing works for D-Link without access to the Internet: any interaction between the control application and the system goes through the mydlink cloud service. True, the timer and webcams with already installed settings can continue to work without the Internet. To protect against hacking, D-Link even recommends using a router with a UMTS back-up link so that alarm systems can continue to function after the DSL or cable connection becomes unavailable.
There is no uniformity in Mobilcom-Debitel smart home systems. In particular, heating control works without the Internet, and in terms of security and control, the cloud service generally becomes a reason to purchase. For example, the Smartfrog camera connects exclusively to the cloud and stores video content only on Mobilcom servers. The supplier justifies this with a higher level of security, because during break-ins, thieves often take cameras with SD cards with them, especially in cases where the cameras are located so that any unauthorized person can easily detect and remove them.
Mobilcom-Debitel control systems have their own security features that are triggered if motion sensors or window sensors sound the alarm – it is clear that a direct connection to the cloud is indispensable here. In addition, the Mobilcom cloud service, unlike other services, reacts to the disconnection of the DSL cable – for example, when breaking into a home. Therefore, the base station includes a backup router with UMTS, which in this case will still transmit the alarm.
The uninterruptible power supply system that the base station is equipped with, in the event of a power outage, allows the safety functions to operate for about 48 hours. In addition, Mobilcom-Debitel is the only company that offers systems for rent only.
Protect your smart home yourself
So, most smart home systems can be used without Internet access in one way or another. When using remote access and – above all – when updating the firmware, cloud services are, of course, indispensable. However, steps can be taken to reduce the risk of attacks on smart homes. So, for all devices that require access to the Internet, you should use only strong passwords.
Moreover, you need to change the name of the standard account “Admin” or deactivate it. Many hackers scan the Web looking for these standard users, and this is especially true for IP webcams. The firmware should also always be up to date, and it’s best not to rely on it being installed automatically here. In addition, IP cameras are almost always automatically registered with a web server at the start of their use – this is convenient, since real-time streaming goes directly through the site, regardless of location and device.
On the other hand, such registration is a wide-open door for hackers. It may be advisable to completely close access to the Internet for devices that are too interesting from the point of view of hackers. This can be configured through the web interface of the router: for current Asus models, this is done in the “Advanced settings / WAN” menu in the “Port Forwarding” (or “Port Forwarding”) section.
Guest network and VPN are more reliable
The next strategy to increase the level of security: all devices in the smart home system must be connected to their own WLAN network. This does not necessarily require a second router, as many current models allow you to create guest networks. They provide access to the Internet, but not to data and devices on the main WLAN. This separation also means that once configured, it only takes one click to disconnect the smart home system from the Internet. If you change configurations or update the firmware, you can easily reactivate network access.
When using a Virtual Private Network (VPN), it is possible to access smart home components encrypted without the detour via a cloud server. With Raspberry Pi and OpenVPN, you can also create your own VPN server. Thus, even outside the home, the mobile phone from which the smart home system is controlled and controlled will remain part of the home LAN network.
NAS as a video surveillance server
If you want to record and store video footage from network IP cameras, you need a constantly running computer with plenty of memory – ideal for Network Attached Storage (NAS). Manufacturers such as Synology and Qnap provide an app for many of their NAS. It connects local IP cameras to the NAS. For Qnap, Surveillance Station is loaded from the application center of the NAS operating system for this. First you need to run IP cameras with a router through a local PC. Then you need to set up the recording and output of the video stream in Surveillance Station.
The camera image will be displayed either in the PC application or in the web interface of Surveillance Station. In this case, you can display images from several cameras at the same time, and it will also be possible to control PTZ cameras. With an optional application (QUSBCam), you can even use USB webcams to monitor your home. In the case of models for NAS brand Synology, the video station works in a similar way. The NAS should be equipped in such a way that it remains invisible and inaccessible to hackers.
If you follow security standards, always use up-to-date firmware, properly secure your router and WLAN, and use a VPN connection whenever possible, you can join the popular trend with a clear conscience and make your home smart.
PHOTO: Nest; mumbi; Panasonic; manufacturing companies