Smart and connected homes... What have you got?

[wombleh]

Good money to be made from infecting central heating with crimeware, imagine in the middle of a cold winter you have to pay 1 bitcoin to get your heating back:
http://motherboard.vice.com/en_uk/re...art-thermostat

I like the idea of being able to turn on the heating remotely before coming back from holiday, but not seen any other smart home features that particularly interest me. Possibly having smart TRV to manage the heat in various rooms, but if the gel-based ones worked a bit better then that'd be unnecessary.

I work in IT security and on SCADA/ICS, there is no chance of me using a smart lock on my house in the near future!

[markrlondon]

I work in IT security and on SCADA/ICS, there is no chance of me using a smart lock on my house in the near future!

Indeed.

[jcm3]

For you Alexa fans: Amazon Music Unlimited launches today, and its <$7/month for Prime Members, and only $4/mo if you listen on an Echo. https://www.amazon.com/gp/dmusic/pro...MusicUnlimited …

[rincewind]

I work in IT security and on SCADA/ICS, there is no chance of me using a smart lock on my house in the near future!

Why? Surely all this demonstrates is that the security architecture you've applied to your SCADA solution is flawed. If your SCADA solution was secured using a dedicated enterprise level PKI would that change your view?

[wombleh]

Why? Surely all this demonstrates is that the security architecture you've applied to your SCADA solution is flawed. If your SCADA solution was secured using a dedicated enterprise level PKI would that change your view?

I was lying in bed last night wondering if I'd locked the door and wishing I had a sensor on it to save me walking downstairs, so I am a bit of a hypocrite.

I wouldn't trust SCADA with my front door lock because the products, protocols and software are all designed or evolved without security in mind. Most IOT devices won't have the power to manage certificates or do other layers of security. The vendors have shown repeatedly that they don't really care about security and most customers don't seem to either. All IT software gets rushed out the door to meet deadlines full of bugs and then patched later, but I bet most IOT will never be patched. Even if the SCADA side was completely secure, it's controlled by a mobile phone which is easily compromised via links, texts, baseband attacks, etc only it now opens your doors.

As you mention you can protect SCADA is with a strong layered security architecture but who is going to do that on their home system, most people wouldn't know where to begin. It can be done, e.g. secure keyswipe access, but it's expensive, complicated and IMO home devices will prioritise cost, power and easy of use above security.