For new smart-home gadgets, the spectre of insecurity looms

Amongst technology experts, it's often said that the internet of things is a security nightmare.

The term is commonly used to refer to the myriad connected devices that are increasingly making their way into in our homes from Wi-Fi-capable dishwashers to vacuum cleaners, light bulbsand more.

Within each product is basically a tiny, low-powered computer. But unlike a laptop or smartphone, many of these devices have been found to be notoriously insecure.

In the past few months alone, hackers infected thousands of vulnerable internet-connected cameras, routersand related devices, and used their combined power to launch crippling cyberattacks on popular internet websites.

Researchers, meanwhile, have found flaws in popular internet-connected light bulbs bugs that have since been patched and even suggesteda well-crafted viruscould spread from bulb to bulb.

The security of these devices, this is what's going to make the smart home happen or not.- RomainPaoli, head of product atNetatmo

And, of course, there is the ever-present fear that connected, smart-home devices especially ones capable of recording audio, video, and other personal information could be used to spy on their owners. (It certainly doesn't help that voice recordings from Amazon's personal assistant, Alexa, are being used in court as evidence for the first time.)

"The security of these devices, this is what's going to make the smart home happen or not," said Romain Paoli, head of product at Netatmo, a maker of connected home security cameras, thermostatsand smoke alarms."We're not happy to see competitors fail, because it hurts us too."

Addressing security issues

CBC News interviewed representatives forNetatmoand a handful of companies with connected smart-home devices earlier this week, at a preview event for the Consumer Electronics Show(CES 2017) in Las Vegas that officially opens today. All arekeenly aware of recent threats facing their competitors' productsand the industry at large.

Naturally, they all praised the security of their devices and frankly, it would be weird if they didn't but at the same time, admitted that no piece of technologycan ever be completely secure.

"We're trying to sell this thing to every homeowner in America," saidBryan E. Mitchell, a public relations manager for air conditioner company Carrier, which also has a new line of connected smart-home products."So we have to go to the homeowner and say, 'Hey listen, we live in a vulnerable world, we're going to do all we can.'"

Carrier, alongside Netatmo,MoenandSomfy,say they'veenlistedthird-party companies to conduct regular audits of their hardware and software something that security experts typically considergood practice. This means reviewing codesfor bugs, and attempting to find vulnerabilities in devices much as an actual attacker would, ina process called penetration testing.

Each company also boasted of using end-to-end encryption to protect data travelling to and from their products, and the importance of having strong password requirements that are less likely to be easily cracked or guessed.

Mitchell went so far as to claim that Carrierrelies on "the same folks that are testing our systems to make sure the fighter jets and space suit technology is safe." (Carrier is owned by United Technologies, a manufacturer of aircraft engines and aerospace equipment for military applications commercial aerospace, defence and building industries.)

Step in the right direction?

Moen,more commonly known for kitchen and bathroom fixtures, unveiled a connected shower system that can be controlled from a phone. Though some of the software and intellectual property was developed in house, the companyturned to a third-party hardware companycalled Grid Connect to putit all together.

"This is Moen's first smart-home product, so we're not going to just jump in and do it ourselves with no experience. We want to make sure it's done well," said a spokesperson.

All of these efforts certainly sound like a step in the right direction for a product category that hasn't had the best security track record of late. But whether the industry as a whole is moving in this directionlikely won't be obvious for quite some time. A thermostat or dishwasher isn't something that gets replaced often,and even with software updates, insecure products already in the market will undoubtedly remain in use for years.

At the same time,the sheer number of connected devices coming online meansit may prove impossible to adequately secure them all.

And as with any technology claiming top-of-the line security practices,in the absence of an independent third party to verify such claims, you only have companies'word thatthey're telling the truth.

A good place to start:don'ttrust anyone that claims their products are 100 per centsecure.

"If they do," saidJean-SbastienPrunet, marketing director forSomfy, which introduceda new home security camera,"it's a lie."