How to Save the Smart Home from Cyber Invasion Art Swift, President, prpl Foundation
Smart Home Security Report 2016 Research Findings Smart device adoption has reached a tipping point - the smart home is already here The smart home is woefully insecure due to users failure to follow best practices Smart home users prefer security to usability and are prepared to take more responsibility A prpl Foundation Study September 2016 Source: Smart Home Security Report 2016, prpl Foundation, September 2016 - https://prpl.works/smart-home-security-report/
Methodology and demographics Sample by country Sample by age group Sample by gender USA 200 DE 200 55+ 219 18-24 150 UK 200 n=1,200 FR 200 45-54 251 n=1,200 25-34 309 Female 518 n=1,200 Male 682 JP 200 IT 200 35-44 271 Survey conducted by OnePoll in accordance with the Market Research Society code of conduct - data collected between 22.06.2016 and 01.07.2016
Smart device adoption has reached the tipping point Connected devices per Smart Home Top 10 Smart Home devices 25% 0% 10% 20% 30% 40% 50% 20% 15% 10% 5% 0% 0 1 2 3 4 5 6 7 8 9 10 Number of connected devices per smart home Game console Wireless printer Smart TV Media streaming device Digital camera with Wi-Fi Smart watch / Wearables Home security Toys Home surveillance camera Smart appliance Q1) Which connected devices do you use in your home?
Many users never update their home gateway firmware Home gateway firmware updates 23% 20% 57% At least once a year Never done Didn't know was possible 3) How many months has it been since the firmware on your router at home was last updated?
Many users never configure security settings Home gateway security Measures taken to secure the home gateway 0% 10% 20% 30% 40% 50% Change admin password 46% 37% Configure firewall policies Enable MAC filtering Use guest network for guest devices 17% Use guest network for home devices Basic (password) Advanced None Disable UPnP Q4) Do you or does anyone else in your household take the following measures to secure your home router?
Too many firewall ports are unnecessarily open Internet attack surface [firewall ports open] 7% 29% 32% 8% 24% Safe 1-2 3-4 5+ Don't know Q5) How many services in your home (such as games consoles, VoIP apps such as Skype, etc.) require open ports on your home router firewall?
Most users prefer security over ease of use Consumer choice - security vs. ease of use 30% 51% 19% Security Configurable usability vs. security Ease of use Q6) When thinking about connected devices, what do you think is the most important out of the following?
Most users want to be responsible for security Smart home security responsibility 20% 20% 60% End user Service provider Manufacturer Q7) From the following, who do you think should be most responsible for the security of your connected devices?
and would pay a premium for more secure devices Would pay a premium for more secure devices 26% 32% 42% Security concerns keep me from buying more smart devices I would pay a premium for more secure devices I am not concerned about the security of smart devices Q8)Which of the following statements best describes your views on connected devices?
Top 10 tips for better smart home security Source: Smart Home Security Report 2016, prpl Foundation, September 2016 - https://prpl.works/smart-home-security-report/
prpl Foundation Reference Publications
art@prplfoundation.org http://prpl.works
Average number of devices per smart home Smart device adoption has reached the tipping point 6.0 Smart devices per household by country 4.0 2.0 0.0 FR IT DE UK USA JP Total 5.8 5.0 4.5 2.6 2.4 1.0 Q1) Which connected devices do you use in your home?
Many users never update their home gateway firmware Home gateway firmware updates by country Every 0-2 months Every 3-6 months Every 7-11 months Every 12+ months Never done Didn't know was possible Firmware what? FR DE IT JP USA UK 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 3) How many months has it been since the firmware on your router at home was last updated?
Many users never configure security settings IT DE FR USA JP UK Users managing the security of their home gateway by country 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Basic (password) Advanced None Q4) Do you or does anyone else in your household take the following measures to secure your home router?
Most users prefer security over ease of use UK Consumer choice - security vs. ease of use 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% USA IT DE FR JP Security Configurable usability vs. security Ease of use Q6) When thinking about connected devices, what do you think is the most important out of the following?
Most users want to be responsible for security JP Who should be most responsible for security 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% USA IT FR DE UK End user Service provider Manufacturer Q7) From the following, who do you think should be most responsible for the security of your connected devices?
and would pay a premium for more secure devices Consumers would pay a premium for more secure devices 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% FR IT DE JP USA UK Security concerns keep me from buying more smart devices I am not concerned about the security of smart devices I would pay a premium for more secure devices Q8)Which of the following statements best describes your views on connected devices?
Too many firewall ports are unnecessarily open JP USA UK DE IT FR Internet attack surface by country [number of services requiring open ports on the firewall] 0% 20% 40% 60% 80% 100% Safe 1-2 3-4 5+ Don't know Q5) How many services in your home (such as games consoles, VoIP apps such as Skype, etc.) require open ports on your home router firewall?