L ights, music systems, cameras, thermostats, door locks, lawn mowers, roller shutters: More and more can be networked at home. Smartphone or tablet become the control unit, with which the smart device army can be directed via apps.
But as connectivity increases, so does the flow of data, and many consumers are questioning which path the data actually takes and how secure the connections are.
Basically there are different ways to network home equipment. "In many cases, a so-called bridge is used for control," explains Timo Brauer of the technology magazine "Inside-digital.en".
Smart home network: by bridge, locally or in the cloud
Behind this is a kind of distributor for networked devices. "The bridge then connects one or more smart home devices to the Internet," says Brauer. "The smart-home devices, in turn, communicate with the bridge via Bluetooth or special smart-home standards such as Zigbee or Z-Wave in an encrypted way."
Another variant are purely local networks, for which you usually need a router. "In this case, devices are only on the move in the home network and not connected to the Internet at all. The advantage is the very high level of data protection, the disadvantage is the lower level of convenience, because an IP camera, for example, cannot be used remotely in this way," says Arne Arnold of the trade magazine "PC Welt".
A third option is cloud-only systems. "In these smart home networks, user data and configuration data are also stored on external servers," says Jorg Geiger from the trade magazine "Chip".
"This applies, for example, to systems such as Apple Homekit, Google Assistant or Amazon Alexa." You always have to access the provider’s server to make settings.
More uniformity in the smart home
How secure the data is then on the move depends on both the user himself and the device manufacturer. "In principle, encryption should be used wherever data flows," says Geiger. Although transport encryption for data transfers is now standard. But so far there was no uniformity in the smart home, which made optimal protection difficult.
This is set to change with efforts to introduce a smart-home standard that virtually all major manufacturers and Internet companies, which have joined forces in the Connectivity Standards Alliance(CSA) , support across all industries.
It is called Matter (formerly Project CHIP – "Connected Home over IP") and, in addition to security and reliability, is intended to guarantee that smart devices can work together regardless of manufacturer.
"With the devices themselves, security stands and falls with the firmware updates. If these are not carried out regularly, security gaps arise," says Geiger. Especially with older devices, this can sometimes become a problem if the manufacturer discontinues support. But also the WLAN router must always be up to date on the software side and also secured with a strong password.
In addition, consumers should rather rely on reputable providers. "Brand manufacturers are often more concerned about this than no-name and white-label providers who sell their products on Amazon and Co. offer at reasonable prices," says Timo Brauer. In the case of renowned manufacturers, there are usually very regular and usually also automatic security updates.
With low-cost providers, on the other hand, it is often not even apparent where the products come from and where the servers are located. In addition, a separate password should be used for each service and each log-in. "Password managers can help keep track here," advises Brauer.
Good smart home products with transparent data flow
With good smart home products, the consumer can also check and set which data is transmitted. "Often usage data is transferred to the providers as a lump sum. You should be able to object to this when you set it up, and you also have to be able to intervene here afterwards," says Jorg Geiger.
Over the user interface is often also adjustable, whether the access is to be permitted over the Internet at all. "If you exclude this, you also increase the security standard in any case," says Arne Arnold. Such a setting could be useful, for example, even temporarily. A robotic mower, for example, does not need to be accessible via the Internet over the winter.
If data falls into the hands of others, it usually doesn’t happen on the home network itself. "The gateway for malware is almost always the service of the manufacturer. This is how hackers get access to customer data and ultimately to the devices," says Arnold. The consequences can be varied and ranged from malfunctions to the tapping of user data and passwords.
Smart home: keys and switches must remain
Especially for critical infrastructure at home Timo Brauer advises to always have an alternative tax option at hand. "For example, the smart door lock should additionally be able to be opened with a traditional key and the shutters should be able to be raised manually if the manufacturer’s server is ever unavailable."