Smart appliances on your home office network could be a cybersecurity risk

Everywhere in many homes, devices like appliances and entertainment “talk to the cloud.” Sure, they are convenient, but experts warn, also problematic, particularly regarding personal privacy, security, or safety.

Exploration is now underway how to protect home systems from hackers, including how artificial intelligence can help

And its not just appliances. The problem is multiplied because almost a third of former office staffs are working from home. Cyberattack frequency in the home has increased 238% since the beginning of the pandemic, based on a study by Alliance Virtual Offices.

In a study conducted by Tenable, a cyber exposure management company, 74% of organizations surveyed attribute the recent business impact of cyberattacks to the vulnerability of remote work.

Until recently, the trend over the past 20 years has been to go beyond large centralized corporate IT systems toward medium and small business networks, according to Robert Boles, president of Blokworx, a local managed services provider (MSP) with offices in Larkspur and throughout the San Francisco Bay area.

“In the past, serving the home cybersecurity market was not deemed profitable, so IT firms opted to serve the small-to-medium business (SMB) and above categories,” Boles said.

“Today, the need to have outside support to manage network security has trickled-down to the residential level where most people are consumers, not electronics savvy, and without an IT department at their disposal and don’t have the tools and know-how to effectively cope with such problems on their own,” Boles said.

So how does the average remote working employee accomplish this if the in-home network is compromised?

“If something is vulnerable, it will be expected, but everything is vulnerable in some way. It boils down to what the market will bear. The concern has been as to whether residential IT and IoT users are willing to pay $40 to $50 a month or more for an MSP?”

So how do we protect business users and those working at home?

Boles said his firm worked with Allen, Texas-based Cytracom and CEO Zane Conkel in 2021 on a software-defined wide area network secure-access, secure-edge product (SD-WAN-SASA) that allows enterprises to leverage a combination of transport services to securely connect users to applications.

Cytracom’s product, called ControlOne, puts a software “agent” on a laptop configured to manage the device based on permissions that must be used before anyone would have access to trusted links. If the laptop is left in the office, the system senses that, but if in a home, it would create a secure data ”tunnel“ to connect to the office server.

ControlOne is designed to know the IP addresses at the office and the public network, as well as the network it is on, and The system has a “phone-home component” to see if it is on a friendly network. It can authenticate itself to the domain, knows the profile of the machine with a fingerprint to authenticate it for encryption.

Cytracom partners with Deep Instinct, a New York firm that takes a “prevention-first” approach to stopping ransomware and other malware.

“They developed the first deep learning AI neural network that uses machine learning to see if it can make identity decisions on its own as well as make decisions the way humans do,” Boles said of Deep Instinct. “With progress being made on many fronts, the benefits of AI could soon spread to all touchpoints in the IT cyber universe.”

AI for home network security

Napa-based David Knudson used his understanding of statistical analysis and applied artificial intelligence algorithms on crowdsourced, real-time data to co-found Everything Set in 2019. It launched in March and offers smart device home network monitoring to deliver intelligent security.

“Traditional home data security solutions, like firewalls and antivirus software, are primarily equipped to keep previously identified malware out, but that doesn’t always work,” Knudsen said. “These systems don’t monitor individual smart devices, don’t understand how they should be behaving, and don’t monitor the information being sent by these devices to the cloud, which is the only way to provide true privacy and safety within the home.”

Most people have more smart devices than they realize, and those numbers will continue to go up.

Knudson said Everything Set’s early adopters have an average of 22 total Wi-Fi connected devices in their homes (such as water use monitors, intelligent thermostats, app-controlled lighting, smart locks).

His company found that 20% of those devices have reported vulnerabilities, and almost 10% of its users have a device that becomes infected or sends information to dangerous IP addresses each year, risking greater problems for users.

Everything Set research shows that approximately 8% of users have devices that have been hacked or are being prepared for a botnet device they were not aware of. The firewall on a router is insufficient to protect against these problems, because firewalls are not 100% effective.

Knudson said any time you have unique devices with their own processing power and firmware, they are subject to being infected with malware. Just like phishing attempts on email — it’s really up to users to find ways to make sure that their homes stay safe.

“Everything Set ensures those devices are operating as they’re supposed to, are not hacked or infected, and are not providing a platform to cause other malicious problems inside your home network,” Knudsen explained. At the same time, our device only monitors communications patterns themselves — not the content of messages. That’s all we need, or want, for our AI algorithms to work effectively.”

The Everything Set device comes with an app and a small box that plugs directly into a network connection to scan behavior patterns of each smart device and the data it’s sending to the cloud. If it finds potential vulnerabilities or unsafe behaviors, it provides alerts when deviations and helps users fix the problems in real-time.

This set device requires an annual subscription agreement but does not involve a link to an IT department. Performance is monitored by Knudson’s company.

“Our algorithms can find and help stop these problems right away or users can simply reflash a device by unplugging and replunging it in certain circumstances. The solution may potentially involve an upgrade of its firmware. In some situations, the smart device may have to be replaced.

The most common vulnerabilities occur in older devices and those that are off-brand, as well as in some devices distributed by major manufacturers.

“We first make sure our users are protected and then work with these manufacturers to help them understand the vulnerabilities and help guide them to a fix. Often this means working with their “bug bounty” programs and internal security teams.

Knudsen said, “We’re part of a natural evolution where new technologies require new thinking and new solutions. It’s not good enough just to track or block threats anymore. It’s about tracking against aberrant device behaviors, fixing them, and making sure they don’t spread into devices which are currently not affected to ensure the home network, and its connected devices, remain safe for users.”