Keeping "smart homes" safe from hackers

Science fiction has long promised us a future with flying cars, jetpacks, and robotic home appliances that are smart enough to run themselves. Flying cars and jetpacks are still a long way off, but smart home technology is here and becoming more sophisticated every day. What will it take to get these high-tech devices adopted in homes across America -- and to keep them safe and secure?

The Internet of Things

As tech giants enter the race to empower your home -- with Apple's recent launch of HomeKit and Google's acquisitions of Nest Labs and Dropcam -- the so-called "Internet of Things" seems poised to move into the home appliance market in a big way.

Never heard of the Internet of Things, or IoT, as it's commonly known in tech circles? You are not alone. A recent Harris poll for SOASTA, a cloud and mobile testing service, showed that 73 percent of those surveyed were unfamiliar with the term for Internet-enabled devices, sensors and appliances that are envisioned to connect and communicate seamlessly. However, once the concept was explained, a majority said they were excited about the possibility, according to the report.

A true smart home could integrate this technology everywhere from the front door, which you lock and unlock from your phone; to the air conditioning, which turns itself on as you head home from work; to the music system, which knows which tunes you like to sing in the shower and what sets the mood for a Saturday night date; to the light bulbs, which turn off automatically when you go to bed.

For example, Savant Systems has an Apple-based product that knits together smart plugs, appliances, climate control, entertainment, alarm and security systems into one intelligent unit. Their system combines multiple tasks into modes like "waking up," to seamlessly coordinate all the devices you use in the morning, or "away on vacation," with energy-saving features and a lighting patterns to fool a would-be robber.

It can also alert homeowners to the unexpected.

One of Savant's cofounders, Jim Carroll, says his smart home lets him know if his daughters are playing hooky: "When my teenage girls come home from school, if it's outside of the parameters that I'd normally expect them to come home, meaning it's before 3 o'clock Monday through Friday from September to May, I'll get a text saying, 'Shannon's home from school.' I could look at my cameras and see if she came home alone to understand 'Why are you home at one o'clock on a school day?'"

Compatibility and ease of use

Consumers today are constantly "inundated with better, cheaper products," says Virginia Moon, the managing editor of special projects at HGTV, including the HGTV Smart Home 2014 giveaway. "But which investments are going to be reliable and make their life better?"

Do-it-yourself versions of smart home technology will be more approachable to the average homeowner, and easier to install, Moon told CBS News in an email. After all, plugging an IoT device into the wall to control your lamps is much simpler and less expensive than installing a whole new high-tech lighting system.

But that raises issues of compatibility, notes Jeremy Tilley, the director of trade relations and professional experiences at Scripps Network Interactive. With so many IoT devices running mostly on proprietary systems and interfaces, one device is not necessarily compatible with others.

"Consumers...want a single interface that's simple to use, and they just want it to work," Tilley told CBS News in an email.

That's the idea behind Apple's HomeKit, to get everything into the home on one system. A number of startups are also attempting to solve these problems by designing a system around an item that a homeowner will most likely already own: the smartphone. oort, a company based in San Francisco, is in the process of designing a highly customizable system that uses Bluetooth to connect all devices, such as the oort powerstrip and wall socket, to the homeowners' smartphone, regardless of its operating system.

"Even Apple's recent smart home announcement misses the mark as they are focused on only on iOS," oort's founder and CEO, Radek Tadajewski told CBS News in an email. "Families are not all on a single smartphone platform and they don't want to be locked into one, just because it's the only one that runs their house."

The other challenge, he notes, is that with multiple devices and multiple apps, consumers can't create a seamless custom ecosystem, which he says is "the true promise of a smart home."

"For example, what if you want your blinds to open, your coffee to brew and your thermostat to turn up the heat the moment you wake up," Tadajewski explained. If they're not fully integrated into one system, "you'd have to set each of those individually...which means if you hit snooze on your smartphone alarm, you'd have to go through each app to hit snooze for individual devices or end up with burned coffee."

The effort to standardize the IoT appears to be at a crossroads, with tech giants dividing into three separate camps. A consortium called the AllSeen Alliance, established last December, includes Microsoft, LG and Qualcomm, while a rival group called the Open Interconnect Consortium, announced in July, includes Intel and Samsung. A third, called Thread Group, launched just a week later, also with the backing of Samsung and Google's Nest.

Security concerns

Before consumers start integrating smart devices into their homes en masse, they'll need to feel confident that such technology is secure.

Like any computer that is connected to the Internet, the IoT may never be fully impervious to hackers and viruses. Scott Morrison, senior VP and distinguished engineer at CA Layer 7 Technologies, says that future and current technologists will have to design devices that are resilient on their own, rather than assuming that the home network is already secure.

"Security techniques are always evolving. New attacks appear, and new defenses are concocted in response. No system is ever perfect and no system is completely impervious unless it is completely isolated and unreachable, which is clearly an untenable approach," Morrision told CBS News in an email.

Gary Davis, Chief Consumer Security Evangelist for McAfee, warns that the most vulnerable link in any smart home system is the mobile device that controls it. Now, in addition to being the key to your social media life, your cellphone could be the key to your house and every system in it. He urges consumers to use security features, at very least a pass code and theft recovery program on their phones. According to a survey conducted by Consumer Reports in 2013: "Almost 40 percent in our survey didn't take even minimal security measures, such as using a screen lock, backing up data, or installing an app to locate a missing phone or remotely erase data from it."

"Hackers who could get access to something as simple as your historical thermostat records could predict when you are in [or] out of the house (giving clues when to rob it)," Morrison explains. "We need to take control over the emerging consumer surveillance society before it becomes so entrenched it is too difficult to manage."

Tadajewski recommends that consumers should look for devices that feature 128-bit encryption or higher. Consumers should also enable encryption on all their devices, including communication between devices.

"In other words, users can choose to restrict access to the device and secure data with impenetrable encryption (AES 128-bit)," Tadajewski explained. "To provide some perspective, via brute force methods, it would take hackers with supercomputers longer than the current age of the universe to crack a device's encryption."

Though any WiFi or bluetooth enabled device could have security vulnerabilities, Davis thinks that security monitors need special attention: "If I had to choose a single system that I think would be the most at risk, would probably be the home monitoring system, both your baby monitors as well as home monitors."

Davis says that to McAfee and Intel, "what is top of mind for us is managing your identity." Replacing hackable passwords with biometric technology to confirm the homeowner's identity could help. "If you could sit down at your device and your device knows who you are and what you have the means to go do ... that is going to go a long ways toward enabling the Internet of Things."