Systematically Evaluating the Threat Landscape of the Smart Home

Smart home technology is becoming more popular because it offers a great deal of convenience. The fundamental question I am looking to answer is: Is IoT (Internet of Things) / smart home software itself secure?

My focus is on the communication protocols used by IoT devices and apps, and specifically Apple Homekit products, primarily to uncover how secure the communication between IoT devices and their servers is. I will be analyzing how smart home devices and iOS applications implement SSL/TLS verification, which is the standardized protocol of securing Internet communication, and thereby protecting customers’ privacy and authenticity of the user. Consider this example: if the communication between a smart door lock and its server is not adequately protected using SSL/TLS, any unauthorized person would be able to make the door unlock. I will be investigating whether smart home software is handling the protocol correctly, and if not, assessing what level of damage it can cause to consumers.