My Smart Home is my Castle – how secure are your own four walls?
Munich, 31 January 2024
From smart sockets to networked voice assistants, more and more “smart” devices are finding their way into private households. At the same time, the threats and risks in cyberspace are growing. Are the ideas of privacy and security associated with our own four walls beginning to falter? On 23 January at the Evangelische Stadtakademie München, the speakers presented technical options for retaining control over one’s own data and at the same time securing the essential exchange of data.
In her welcoming address, Barbara Hepp, Evangelische Stadtakademie München, referred to the large number of smart helpers – from smart fridges to webcams – that can be found in many households today. It is not always possible to be sure whether these devices are collecting hidden data in addition to their intended functions. To avoid this, it is important to know what to look out for.
acatech Executive Board member Claudia Eckert, Fraunhofer Institute for Applied and Integrated Security AISEC, welcomed the guests on site and via livestream on behalf of acatech and thanked the Evangelische Stadtakademie München for the long-standing cooperation between the two institutions. She emphasised how important it is to use events like these to engage in dialogue with society, provide information, make suggestions and discuss socially relevant topics.
Thomas Zeilinger, Commissioner of the Evangelical Lutheran Church in Bavaria for Ethics in Dialogue with Technology and Science, then took over the moderation of the evening and announced Florian Wolff von Schutter, TÜV Süd AG, as the first speaker. The technology expert began his presentation by outlining a typical smart home network.
In the IoT (Internet of Things), devices in the physical world are connected to the internet. A device command can be issued remotely, for example to operate app-controlled doors, televisions or fridges that are connected to the internet via LAN cable or a Wi-Fi connection. In addition, devices can also be connected directly to the Internet via 5G, bypassing the home network. Examples are water pumps or other devices in the garden. Florian Wolff von Schutter then demonstrated in a “live hack” how a standard webcam can be hacked and described the individual steps required for this. Hackers usually gain access to the local area network via a cracked or missing password or by installing a backdoor in a manipulated device. In many cases, a USB stick is used for this, which is why he recommended never connecting unknown sticks to your own computer.
Claudia Eckert, Fraunhofer Institute for Applied and Integrated Security AISEC and member of the acatech Executive Board, added examples of other devices that hackers use as gateways to gain access and invade a person’s privacy. For example, a manipulated digital key could be used to open locked doors. Hacked baby monitors could be used as listening devices and hacked door locks and heating sensors could provide information about whether someone is at home. The risk of such cyberattacks is lower with devices that have appropriate security measures and whose software is regularly updated. According to Claudia Eckert, these points should be taken into account when making a purchase. It is also important to find out about the manufacturer or what data is collected by the device and where it is passed on to. She also recommended changing the default passwords in the devices immediately after purchase. To prevent further dangers, you should also make sure to create segments in the local area network so that only limited areas can be accessed in the event of a hacker attack. In her opinion, devices should be controlled from outside the home network via a secure connection (VPN) only. In future, Claudia Eckert concluded, there will be stronger regulation via the European Cyber Resilience Act. This will apply to all devices with “smart” functions and oblige companies across Europe to provide updates, which will increase the level of security accordingly.
Eckhard Frick SJ, Klinikum rechts der Isar of the Technical University of Munich, placed the topic of cybersecurity in a different context in his presentation: from the perspective of attachment research, humans have a great desire for security. This arises from the balance between security and exploration, i.e. discovering new horizons. In a world in which children and young people in particular are spending more and more time with digital devices and in virtual worlds and are therefore also exposed to the dangers lurking there, the topic of cybersecurity is becoming even more relevant. Skills must therefore be developed across all generations for users to be able to navigate the internet safely.
In the subsequent panel discussion, the participants returned to this topic. Claudia Eckert pointed out that “digital natives” often have too much basic trust in digital applications and services. For this reason, more emphasis needs to be placed on teaching media skills and more security measures need to be built into the devices in order to ease the burden on users. Florian Wolff von Schutter agreed and advocated more extensive testing and certification. Eckhard Frick SJ also placed the onus on the users themselves: we must not become naive when dealing with dangers but must remain curious and carefully weigh up what is possible.