This article is based on work from the CHAI project, which explores how individuals living in social housing can recognise and protect themselves against the potential cyber-security risks of AI-enabled smart technologies in their homes. Project CHAI is a three-year, EPSRC-funded project involving five UK universities in collaboration with Housing Technology.
Enriching our daily lives with smart applications & IoT
AI-enabled technologies are actively used in smart homes to provide intelligent services and recommendations while IoT coupled with AI concepts has been applied to home environments.
These modern technologies help us with daily activities and can improve our lives, such as entertainment, effortless measurement of our energy consumption, personalised heating adjustments using smart thermostats and smart radiator valves, motion detection, facial recognition for entering the house and buildings, and smart speakers. The ever-growing use of IoT devices and intelligent technologies has resulted in our home computer networks being filled up with devices and applications that gather and share sensitive information and occupants’ activities.
In Project CHAI, we study the different smart applications that a smart home could deploy and the types of AI functionalities they exhibit, with the aim of developing a proof-of-concept smart energy device to demonstrate user ‘explain-ability’ features and support tenants with daily decisions about securely using their devices and applications.
Our homes as cyber-attack targets
Notwithstanding the benefits of these smart technologies, UK households have sadly become lucrative targets for exploitation by cyber criminals. Their aim is not simply tenants’ assets such stealing user data (money, personal documents, photos, etc), accessing cameras and hijacking smart/voice assistants but also threatening corporate networks which have become more accessible given the proliferation of home working since the pandemic.
Due to the complex nature and variety of smart home devices as well as the snarl of data and information sent among them, which constitute part of tenants’ lives and daily routines, protecting smart homes is a challenging task.
Research in the context of user awareness has shown that smart-home occupants often lack cyber-security awareness, even when it comes to frequently-used technologies such as social media and email. To manage cyber-security risks, smart homes must be equipped with adequate cyber-security measures.
At Project CHAI, we are creating an exhaustive list of cyber attacks and their potential impact on today’s smart homes. We also explain how AI functionalities can be used against tenants in multiple ways. This is a critical step towards defining ways to not only secure the home by using specialised devices and applications but also educate the occupants on how to secure their smart devices against attacks.
Securing smart homes & managing cyber risk
Because coping with cyber-security challenges isn’t a straightforward task, the UK government has published various resources, which can be helpful to mitigate cyber risks and maintain secure households throughout the country.
For example, the National Cyber Security Centre has provided useful tips and resources to help remote home workers to work securely. Their main tips include keeping our devices updated with the latest software, using strong passwords for our accounts and devices, using approved software and collaboration tools, using some software to detect and eliminate malicious software, securing our wi-fi networks and backing up our data.
Nevertheless, the above tips are ‘merely’ traditional security practices and only provide a first line of defence, while cyber criminals are improving their techniques to exploit new system weaknesses, conduct social engineering aiming (for example) to persuade users to click on fraudulent links or run viruses, and compromise service providers to gain access to home devices.
Project CHAI designs and assesses novel ways to mitigate cyber risks by studying a broad range of security methods for both service/application providers and smart-home occupants. The goal is to find the best combination of actions that tenants can take to secure their homes in cost-efficient ways. We go beyond just undertaking research and create a security game that tenants can play to educate themselves about the best ways to contribute to the fight against cyber attacks.
The Cyber Risk Lab at the University of Greenwich is actively looking for research partnerships with tenants, housing associations and technology providers. To learn more about our research plans and to get involved, please email me at e.panaousis@greenwich.ac.uk.
Dr. Manos Panaousis works in the Cyber Risk Lab (Internet of Things & Security Centre) at the University of Greenwich.
