The smart home and the automation of all the things it can control is an ever-expanding body of technology. The collection of technology (software and hardware) is fed by the Internet of Things (IoT) that continues to grow at an exponential rate, with new products and services popping up every day. It’s exciting to see these innovations with all the sparkle and marketing hype that come with them. But can they be trusted? Are all of these IoT components and software built with the latest security standards to withstand being hacked?
Introduction to the Challenges
The Ring doorbell and security cameras, both IoT devices, are an excellent recent example. A June 4, 2020 article from NordVPN, citing research done by Dojo, an IoT security company, established that the answer is ‘no’: Ring devices can be hacked. That’s because the data traveling on your home network from the network controller to Ring devices is unencrypted and can be intercepted, giving the hacker the ability to control what you see on the camera. These network controllers are often a programmable logic controller (PLC) or, for more complex systems, a programmable automation controller (PAC). Both the PLC and the PAC are nothing more than a computer that can be programmed to control a multitude of functions in your house, such as your lighting system, your home security system, and even your kitchen appliances or home entertainment systems. PLCs are also commonly found in industrial SCADA control systems, where they control embedded sensors that wirelessly transfer data over the PLC-controlled network. There are many documented vulnerabilities with a PLC-based system (PLC-BS) in the smart factory that carry over to the intelligent home residential automation system.
PLC-BS Vulnerabilities
These vulnerabilities are well documented in many peer-reviewed studies and reports, such as this one from August 2019 on ResearchGate.net. The application of the PLC-BS, in this case, is focused on industrial control systems for the smart factory. Still, these same pieces of hardware are used in the intelligent home networking scheme as well. Industry is a much higher value target for hackers and, thus, gets most of the attention. However, the application of PLCs in the smart home does not have the design and security controls that an industrial application goes through. Thus, the vulnerability of the smart home is much higher. This lack of oversight in the design process is an inhibiting factor in the adoption of smart home technology and automated networks.
Industrial control system (ICS) security analysis by FireEye shows PLC vulnerabilities over the past fifteen years. These categorized vulnerabilities have been trending higher year after year at an exponential rate.
Based on vulnerability analysis provided by Kaspersky Labs, the human-machine interface (HMI) has the highest threat of being compromised, followed by the network, sensor devices (electric devices), and the network controller (PLC).
The complexity and effectiveness of hacking threats, such as the Stuxnet worm, have been documented over the last ten years, and Stuxnet targets the PLC-BS specifically. The Stuxnet worm enables Windows zero-day vulnerabilities that may have already been countered by the designed-in security protocols. Stuxnet is only the tip of that iceberg. Flame, Gauss, Duqu, Wiper, and BlackEnergy malware are part of more than 50 new Stuxnet-like attacks that hackers have developed specifically for the PLC-BS controller.
Digital Forensics — Current PLC-BS Shortcomings
Traditional IT systems are static and have a fixed configuration that can only be changed by controlled updates. The update to the security protocols is a part of that upgrade. PLC-BS controlled systems are not static and are not configuration controlled. They are real-time systems that are volatile and that are designed to be valid and available at all times. Security, encryption, and data backup are a less critical part of the design.
The PLC-BS controllers are continuously fed by embedded sensors and I/Os. Mainly, they are real-time devices that continually provide updated information by overwriting existing data. This action makes tracing previous datasets impossible. There are no continuous incremental backups because the data storage is limited and volatile. As new data is sensed by the IoT device and sent to the PLC-BS controller, the data in storage is overwritten. Thus, it is not available to the digital forensics tool for analysis.
The critical information about running programs and hardware that can be used as evidence for security vulnerabilities is also contained within volatile memory and gets overwritten. For example, PLCs routinely lack the hardware and software needed to thoroughly log code or firmware modifications and updates.
Since PLC-BS are real-time devices that are continuously fed by updated newer information, delaying forensic response would make it more challenging to analyze and trace the problem. The slower the response is, the less related data will remain within the volatile memory after being overwritten by newer data.
PLCs are still far from being self-aware and from knowing what is running inside them. They are not capable of detecting malicious code running within, recognizing suspicious behavior, or intelligently eliminating an imminent or suspicious threat.
Risk Mitigation Best Practices for a Secure PLC
The use of cybersecurity best practices is always a good first step to the prevention of being hacked. That plus future design upgrades with a security-first posture will be the ultimate solution to current PLC vulnerabilities.
Digital Forensics – The Next Generation of PLCs
The first line of defense is the ability to understand how the hacker has penetrated the system and what parts of the system were vulnerable to the attack. That means a credible digital forensics capability must exist to study the hack, learn from it, and build the right defenses to counter and prevent the attack. There are digital forensics tools out there today, but they are not useful in the PLC-BS environment. In the next generation of PLCs and PACs, that won’t be the case.
Larger SSD hard drives will replace volatile memory storage, and there will be no need to overwrite previous data and operating state information. New software will become part of the PLC firmware that will include security logs for identifying system faults and disruptions. Manufacturers will be able to study how the system was penetrated and the network compromised so that future PLC software upgrades will counter the threat.
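The contrast between the overwrite-on-update memory described under the current shortcomings and the persistent security log described here can be simulated. The following is an added example, not code from the original post or from any PLC vendor; `VolatileStore`, `PersistentLog`, `simulate` and the record fields are hypothetical names, the records are constructed sample data, and chaining entries with SHA-256 is an assumption about how such a log could be made tamper-evident.

```python
import hashlib
import json
from collections import deque

class VolatileStore:
    """Fixed-size PLC-style memory: each new reading overwrites the oldest."""
    def __init__(self, capacity):
        self.cells = deque(maxlen=capacity)

    def write(self, record):
        self.cells.append(record)

    def contains(self, seq):
        return any(r["seq"] == seq for r in self.cells)

class PersistentLog:
    """Append-only log in which every entry commits to the one before it."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def write(self, record):
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        self.entries.append({"record": record, "prev": prev,
                             "digest": self._digest(prev, record)})

    def contains(self, seq):
        return any(e["record"]["seq"] == seq for e in self.entries)

    def verify(self):
        """Recompute the chain; any edited or dropped entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or self._digest(prev, e["record"]) != e["digest"]:
                return False
            prev = e["digest"]
        return True

def simulate(capacity, event_seq, writes_before_response):
    """Return (in_volatile, in_log, log) at the moment the responder looks."""
    volatile, log = VolatileStore(capacity), PersistentLog()
    for seq in range(event_seq + writes_before_response + 1):
        kind = "firmware_write" if seq == event_seq else "sensor_reading"
        record = {"seq": seq, "kind": kind}  # constructed sample record
        volatile.write(record)
        log.write(record)
    return volatile.contains(event_seq), log.contains(event_seq), log
```

With a store of `capacity` cells, the suspicious record survives only `capacity - 1` further writes, which is the forensic response window the delayed-response paragraph describes; the chained log keeps the record and reports any later modification.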
This entry was posted on August 24th, 2020.