Security Review of Consumer Home IoT Products

Security Review of Consumer Home IoT Products

Free

Company Name : NIST

The report details open-source research, a hands-on review and a security features analysis of several commonly purchased IoT consumer home devices.

Description

This document reports the results of a project that conducted a technical review of the security 247 features of consumer home Internet of Things (IoT) devices, also known as smart-home devices. Reviews were conducted on devices from the following categories of consumer home IoT devices: light bulbs, security lights, security cameras, doorbells, plugs, thermostats, and televisions.

For each IoT-device category, the project team reviewed a minimum of three devices from different manufacturers. The project team selected these IoT devices based on open-source research gathered from well-known retail and manufacturer websites. Information gathered included:

  • device availability: devices selected were deemed to be easily and widely available through multiple sources
  • device installation complexity: preference was given to devices a homeowner could install independently
  • device price point: consideration was paid to all price points in each category

Selected IoT devices represent a small sample of consumer home IoT devices that are readily available to consumers. Many more product categories exist, as do product options within each of these categories. Therefore, this report is based on non-exhaustive samples of some categories of home IoT devices.

The reviews enumerated the IoT devices’ technical properties and behaviors by conducting open source research and performing hands-on technical review, but did not use more intrusive review techniques, such as disassembling an IoT device to study its internal components in detail. Analysis of the information collected by the review methodology focused on the security features available on consumer home IoT devices. This produced general considerations for device manufacturers to improve the security features offered on consumer home IoT devices, to meet cybersecurity best practices, but the observations and considerations in this report may not apply to all IoT devices or device categories.

IoT hubs, which fulfill a variety of services, including connecting IoT devices to the manufacturer’s backend solutions and voice-recognition functionality, are out of scope for this project. Cloud-based services and other services, often used by manufacturers for IoT-device operations and maintenance, are also out of scope for this project. The security of these external components is important to the overall security of the consumer home IoT ecosystem and should be explored.

Throughout this document, the terms consumer home IoT device, IoT device, and device are used interchangeably.

You may also like…

Featured Products

  • Crystal Eye UTM Series 10+ Gateway

    Enterprise to SMB/Home Office Solutions - Crystal Eye Series 10 - 200