Categorieën
Archief Kennisparels

[248] 5 augustus 2021: Cyber-Enabled Burglary of Smart Homes

Inleiding en context

Goede morgen beste mensen het is vandaag donderdag 5 augustus 2021. Vandaag een ‘’kennisparel’’ over mate waarin woninginbraak beïnvloed kan worden door zogenaamde ‘’smart home’’ applicaties. In de afgelopen jaren is de alomtegenwoordigheid van smart home-technologie gestaag toegenomen, in die zin dat het Internet of Things (IoT) voor de consument deel uitmaakt binnen veel huishoudens. Naarmate onze huishoudens zich ontwikkelen tot complexe cyber-fysieke ruimtes wordt het risico voor onze fysieke veiligheid door aanvallen die afkomstig zijn uit cyberspace meer omvangrijk. Binnen de wetenschap is er veel discussie over de technische kwetsbaarheden binnen het slimme huis. Dit is echter vaak niet gekoppeld aan een goed begrip van hoe een aanvaller deze kan misbruiken. In dit artikel richt de auteur zich op woninginbraken en wordt een model ontwikkelt waarmee het proces waarmee woninginbraken wordt uitgevoerd en het effect van de slimme woning op dit proces. Door twee gebieden van de academische literatuur, woninginbraak en smart-home security, te combineren, biedt dit artikel een academisch gefundeerde discussie die de  kwetsbaarheden in verband met de smart-home plaatst in de context van het proces waarbij inbraak wordt gepleegd. Het plegen van woninginbraken is soms een complex besluitvormingsproces. Volgens bijgesloten ‘’kennisparel’’ is het trouwens op korte termijn onwaarschijnlijk dat woninginbrekers routinematig gebruik zullen maken van slimme huistechnologie.

Voor de geïnteresseerde lezer, eerder verstuurde ik twee ‘’kennisparels’’ over de rol van Iot in relatie tot de criminaliteitsontwikkeling: https://prohic.nl/2020/07/31/31-juli-2020-what-security-features-and-crime-prevention-advice-is-communicated-in-consumer-iot-device-manuals-and-support-pages/ en https://prohic.nl/2021/03/29/191-29-maart-2021-a-systematic-review-of-crime-facilitated-by-the-consumer-internet-of-things/. En over het delict woninginbraak verstuurde ik onlangs deze ‘’kennisparel’’: https://prohic.nl/2021/06/15/227-15-juni-2021-what-works-to-prevent-domestic-burglaries/ Maar nu naar bijgesloten ‘’kennisparel’’.

Bron

Hodgers, Duncan (July 2021) Cyber-Enabled Burglary of Smart Homes. Computers & Security, 30 July, pp. 1-42. https://www.sciencedirect.com/science/article/pii/S016740482100242X?via%3Dihub

Samenvatting

Over the last few years, there has been a steady increase in smart home technology’s pervasiveness, to the degree where consumer IoT is part of many homes. As our homes become complex cyber-physical spaces, the risk to our physical security from attacks originating in cyberspace becomes much more significant. Within the literature, there is much discussion about the technical vulnerabilities within the smart home. However, this is often not linked to a rich understanding of how an attacker could exploit them. In this paper, we focus on residential burglary and develop a rich understanding of the process by which residential burglary is committed and the effect of the smart home on this process. By combining two areas of the academic literature, residential burglary and smart-home security, this paper provides an academically grounded discussion that places the nascent vulnerabilities associated with the smart-home into the context of the process by which burglary is committed. The commission of residential burglary is a complex decision-making process, which the public often simplifies into planned or unplanned crimes; this is a dangerous oversimplification. The analysis identifies some increased risk during the target selection stage phase. However, in the short term, residential burglars are unlikely to exploit smart home technology routinely.

From this research, we can develop several recommendations for a variety of stakeholders. The first is aimed at those adopting smart home technology; at present, there seems to be little increase in the risk of residential burglary from the adoption of smart home technology. Note that is not to say that there is no increase in other risks, such as risks to personal data privacy. It is also worth noting that for those looking to secure their homes from residential burglary, the traditional advice still seems to generate the most benefit, e.g. good locks and a well-secured rear to the property. If residential burglary is a concern, a homeowner will likely see a better return on investing in good door and window locks than on smart home technology.

From a policy and regulation perspective, anything that reduces the vulnerabilities in the devices will make it harder to compromise devices. At present, a burglar is only likely to consider using cyber-enablement if it proves to be better than current approaches, i.e. improves, in some way, the ability to identify `good’ targets. However, if the cost or challenge of exploiting these devices is too high, a burglar will likely choose a less efficient approach that does not exploit these devices. It is also noteworthy that it is not just the reduction in the vulnerabilities that exist in devices that are for sale that is required. The market for devices must itself support identifying devices that provide ‘greater’ security levels and be mature enough to value these devices. Over the last twenty years, the technology marketplace has matured and now advertising for mobile phones and PC operating systems use security and privacy claims to address consumers. Unfortunately, this same market maturity does not currently support the IoT / smart home market.

For those in law enforcement and policing, it is clear that whilst there is little evidence that smart home devices will increase residential burglary, it is essential to monitor and understand this area of cyber-enablement. Bellwethers such as an increase in planned residential burglary are likely to indicate a potential increase in the use of smart home technology to facilitate crime. This increase may first be observed in other domains such as the burglary of commercial properties; as these are typically more planned, they may be early warnings of future increases in the cyber-enablement of residential burglaries. The final recommendation would be to understand the interaction between those who have the skills and motivation to compromise smart home technologies and associated online artefacts (such as email accounts or accounts associated with the individual devices) and those individuals who are motivated to commit residential burglary. The disconnect between these two actors is one of the reasons why cyber-enabled residential burglary is still very rare.

As a final closing comment, we should also acknowledge the fragility of the current environment, there are many vulnerabilities in current smart home devices, and there are actors capable of exploiting those vulnerabilities. However, at present, those actors appear to show little motivation to attack. If these actors become motivated, or the actors with the capability to attack begin to work with those motivated to attack, then we are at risk of a significant crime harvest.

Afsluitend

Het is te voorzien dat zich ´nieuwe vormen´ van criminaliteit en modi operandi (werkwijzen van daders) gaan voordoen door het massale gebruik van het IoT. Het is dan van belang om in plaats van te reageren te anticiperen als een belangrijke voorwaarde om greep op deze vormen van criminaliteit te krijgen. Bijgesloten ‘’kennisparel’’ laat zien dat voor wat betreft de rol van IoT in relatie tot woninginbraak voorlopig beperkt lijkt te zijn. Ook om van te leren.