Smart kitchens now – How the rise in smart devices leaves kitchens open to cyberattacks
We’ve come a long way since the initial boom in kitchen technology began in the 1950s, when dishwashers came into production, and refrigerated taps were the new, must-have appliance.
Gone are the days when the kitchen was merely a place for storing, cooking, and preparing food – it has evolved into a multi-media hub capable of sating our appetite for constant entertainment and instant convenience.
As a reflection of the growing amount of time we are spending in the kitchen, it is now, for example, possible to purchase a microwave that can play Netflix while simultaneously heating a meal. Additionally, Internet of Things [IoT] enabled fridges can automatically order new food from Amazon when stocks are low.
With the possible applications of technology in the kitchen seemingly limitless, it is inevitable that many more innovations will emerge in years to come. But as smart devices continue to play a more integral role in the kitchen, the risk of falling victim to a cyberattack or security breach grows exponentially.
Why protecting smart kitchen devices matters
The rise of smart devices means that a variety of appliances, which have not historically been viewed as potential security threats, must now be considered in these terms.
However, many smart device users are unaware of – or unconcerned by – the possibility of a breach, which may be due to the assumption that manufacturers will have already made these considerations for them.
While some manufacturers pride themselves on the security of their smart devices, there are still many who appear to view security as a mere afterthought. This, perhaps, is because implementing sophisticated protection software can be an expensive and laborious process.
However, the repercussions for failing to address potential security vulnerabilities could be severe. If a large number of smart kitchen devices are routinely hacked or attacked, consumer trust in the manufacturer’s products is likely to be eroded considerably, resulting in reputational damage. With IoT technology viewed with suspicion by many, establishing trust is of paramount importance to the continued use and adoption of such devices.
In addition to the threat posed by customers turning away from their products, manufacturers must also be mindful of the various cyber security regulations that they are required to meet. For example, the UK Government is bringing forward a bill that places new cybersecurity requirements on manufacturers and sellers of consumer tech that can connect to the internet or other devices.
Under the new law, device makers will need to be more transparent with customers about the length of time products will receive security updates for. In addition to this, they will be required to create a better public reporting system for vulnerabilities found in those products. Failure to uphold these measures could result in fines of up to £10 million or four per cent of global turnover, as well as £20,000 per day in the case of an ongoing breach.
The security considerations that need to be made
What complicates matters further for manufacturers is the breadth of IoT security considerations.
For example, with microwaves that stream movies and television, one of the biggest security threats is that the content issued by media giants, like Netflix, can be illegally leaked or pirated. As a result of this, the number of paid subscribers may decline, or growth may slow.
Netflix and other providers use Digital Rights Management [DRM] and ‘watermarking’ technologies designed to protect content to prevent this from happening.
By implementing streaming functionality into their smart kitchen devices, manufacturers must ensure that DRM and ‘watermarking’ technologies are supported. This prevents appliances from being exploited by cybercriminals, and protects the manufacturer from legal action taken by content providers in the event of widespread breaches.
As another consideration, IoT-enabled fridges are also prone to cyberattacks if not properly protected. This is because criminals can hack into devices to gain access to a user’s sensitive information, including payment details, so that acts of fraud or theft can then be committed. With the primary victims of these crimes being consumers, the erosion of public trust and resulting reputational damage could, as alluded to earlier, be severe.
However, it is not only to commit cybercrime, that attacks are carried out, with the impact having far more tangible and human implications in some instances. For example, it may not merely be a criminal’s intention to breach the security of a Netflix-enabled microwave to steal content – they could, theoretically, hack into the appliance and cause it to catch fire. This would be tantamount to an act of arson, and could result in injury or even loss of life.
Though this may sound extreme – and we do not want to sound as though we are scaremongering – such an occurrence remains a possibility if manufacturers fail to sufficiently address the need for security architecture in their smart kitchen devices.
Using Trustonic’s Trusted Execution Environment [TEE] solution, device makers can be assured that their appliances have the highest possible level of protection. Our hardware-backed security is accepted as a gold standard for the industry, having recently been awarded EAL5+. This certification is reserved for products that have been ‘semi-formally designed and tested’ by a third-party assessor against an agreed protection profile. For Trustonic’s EAL 5+ certification, the GlobalPlatform TEE Protection Profile was used. GlobalPlatform – of which Trustonic is a member – is the industry body responsible for Trusted TEEs.
Our TEE technology creates a physical barrier between the software used to run general operations on the kitchen appliance and the more sensitive operations dealing with user data protection, device credentials, payment information, etc. Adopting such an approach has become commonplace in mobile phones and a range of other devices, from security cameras to smart speakers.
The advantages of adopting the TEE approach are twofold. Firstly, implementing the technology can result in a cost reduction for manufacturers, given that no separate chip is required. Secondly, because the TEE operates on the device’s main Central Processing Unit [CPU], it boasts higher performance and larger memory space, enabling wider security applications, and providing an easier upgrade path.
Considering this, it is clear using Trustonic’s TEE solution is beneficial for smart kitchen device makers and consumers. Therefore, it is in a manufacturer’s best interest to explore how investing in Trustonic technology can help protect their devices and ensure that smart kitchens become safe and secure spaces for all the family, both today and in the future.