BSidesBCN21 - Day 2 - Arc de Triomf Track

Smart Home Devices: Assets or Liabilities? (Jonah Bellemans)

Over the past few years, the global market share of Smart Home devices has been growing strongly, and it is forecast to keep enjoying increasing growth for the foreseeable future. This explosion of devices on the market has caused many companies to push out their products for highly competitive prices at a rapid pace. Even though these home automation devices often offer a wealth of interesting and exciting features, there is no easy way for consumers to assess their security at the time of their purchase. Just like the demand for smart home devices has spiked, so has the amount of media coverage on data breaches, privacy violations or security issues associated with these devices.

At the time of writing, the European Union Agency for Cybersecurity (ENISA) has published several guidelines for manufacturers to assist them in securing their Internet of Things (IoT) products, which these Smart Home devices are a part of, but binding regulations do not exist. Due to how closely these devices are tied into our daily routines and living spaces, they are a tempting target for malicious actors, posing a serious security risk. When buying an off-the-shelf solution in an (online) shop, the consumer generally expects devices to hold up against a baseline of security and privacy expectations, but has no way of verifying if this is indeed the case.

This research assesses the current state of the market by taking a closer look at the security and privacy implementations of a range of devices currently available in popular stores and online shops. Furthermore, I’ll investigate a potential need for binding regulations and formulate some recommendations on how these IoT devices can be tested and regulations can be enforced.

About Jonah Bellemans

I am a consultant for NVISO Security with a passion for cyber security and ICT & privacy law. Trying to bridge the gap between law and engineering, I am currently following an additional Master’s degree in ICT & IP Law at KULeuven. I am a licensed ham radio amateur with call sign ON5AD. I am aiming to one day obtain a private pilot’s license.