You're on the way into work, but you're feeling groggy - not enough sleep lately.
You decide to buy a new, "smart" bed that connects to the internet and measures the quality of your sleep through metrics such as your heart rate and breathing rate and how much you toss and turn.
But while those features might be nifty, they may also be the thing that ultimately keeps you up at night.
That's because that internet-connected bed offers a pathway into your home network for cyber attackers, and potentially provides a glimpse at data as personal as your sleeping patterns.
This isn't a science-fiction fantasy about the emerging "internet of things" and proliferating smart home technology - a person in San Antonio recently had their online home network accessed by a hacker via their Sleep Number smart bed, according to Chris Edelen, president of Sterling Home Technologies, which designs and installs smart home automation systems.
"We always hear about data breaches of companies, and we don't hear about breaches of homeowners - but they're happening every day," Edelen said. "(Smart home security) is becoming a bigger and bigger issue."
The internet of things is made up of all the internet-connected devices you may have in your home. That could range from smart lawn sprinklers and thermostats to a security system, gaming system or a robotic vacuum, among many other devices.
The number of these devices has grown exponentially, and the technology in the coming years could become as ubiquitous in homes as dishwashers or refrigerators, according to local home builders.
The problem? The conveniences - the ability to turn on the air conditioning at your home from your phone while you're leaving work, or the ability to see real-time video of your home from a security camera - all introduce additional devices that can be used to digitally enter your home network, steal your data and potentially spy on you.
"Many of those (devices), they represent a pathway into the home that didn't exist before. And so I think most consumers don't weigh the risk and reward," said John Dickson, a principal at the cybersecurity firm Denim Group.
Smart home technology use has grown rapidly this decade, while functionality and affordability have both improved in recent years.
The number of IoT-connected devices is expected to reach 43 billion in 2023, triple the number from 2018. And today nearly a quarter of all businesses use some form of IoT technology, up from 13 percent five years ago, according to consulting firm McKinsey & Company.
Proponents of the technology tout its ability to enhance a house or apartment's "livability," and generally make life at home more convenient.
"We hear from clients all the time that overall it helps them really enjoy their home more than they would without the technology," Edelen said. "It's a real convenience, in many ways."
Gilbert Sanchez, vice president of HomeWerks, installs home automation systems of all sizes and varieties.
"Some customers, they want to walk in their house, push one button and the TV comes on and goes on the station they want to watch, and twenty different things happen," Sanchez said. "My house, when I hear a noise, I push a button, my cameras come on my TV, and my exterior lights come on. 'Hey, my dog is chasing a raccoon' - I don't care, I hit my button and go back to my TV."
The technology could allow users to arm their security system from work, see if the garage door was left open, or remotely unlock the home's doors for someone - a maid, or child for example - to enter while you're away.
Beyond that, the technology can make homes more energy efficient by automating thermostat use, controlling lighting and closely measuring energy consumption - all generating savings for homeowners.
"If you're integrating devices making your home more energy efficient, you will see that impact in your bills," said Krystel Castillo, director of the Texas Sustainable Energy Research Institute at the University of Texas at San Antonio.
IoT technology will allow smart meters at homes to communicate energy consumption levels to homeowners, while also communicating with utility providers to manage city-wide energy use at certain times of the day, according to Castillo.
Sanchez said a relatively basic home automation and security system including a security camera, a smart thermometer and door lock and exterior internet-connected lights would cost a customer somewhere around $1,800, depending on the quality of the devices, and would take a day to install.
But poor cybersecurity practices by the average consumer and minimal built-in IoT device security can make for an alarming combination.
A study published this month by two other UTSA cybersecurity researchers found vulnerabilities in internet-connected light bulbs, a seemingly benign appliance and the most widely used form of smart home technology.
Edelen said about 87 percent of clients he's worked with install some smart lighting control - and that number is growing. Edelen's company has seen business in their home automation services increase by about 20 percent this year compared to last year, he said.
Products such as the LIFX smart light bulbs can be connected to a WiFi network, where users can control light color and brightness levels, as well as sync the lights up to match music or television audio.
But hackers can access the bulbs in a variety of ways, and then do things such as use infrared waves from the bulb to transmit data from your network, including text and photos, to a hacker's device.
"Modern internet-enabled smart lights promise energy efficiency and many additional capabilities over traditional lamps," the study reads. "However, these connected lights also create a new attack surface, which can be maliciously used to violate users' privacy and security."
Numerous other examples show the hazards of the technology - including children's toys that can be accessed and used to record audio and video of the user, or smart locks that consumers control from their phone, but that landlords or hackers can unlock without the user's permission.
Even so, Dickson, the cybersecurity expert, said he does have a few IoT devices in his home, and said the safety of the device largely stems from the quality of the manufacturer.
Products from high-profile device-makers, such as Ring and Nest, are generally safe for use, whereas many single-use devices manufactured primarily in China often lack robust security features, according to Dickson.
He compared smart technology to driving a car, saying users can get into an accident or be the victim of a cyberattack any time they drive or use the internet - but that doesn't mean most people ditch driving altogether.
"Users really need to be much more sophisticated and wary," Dickson said. "How we drive, we don't put ourselves in position to be in trouble. We don't drive a car if we know its brakes are in bad shape."
Dickson and others said the best way to address IoT device security flaws is to change the device's default password and security settings. Users should also readily install software updates on any of their devices because an update could be a patch for a security issue.
IoT users should also set up a separate guest WiFi network in their home that visitors can access, but that their smart devices are not connected to.
The technology is still fairly young, and will likely become even more prevalent in the coming years.
Edelen and Sanchez said they expect voice-controlled devices to grow in popularity next after the rise of smart lighting and security systems - and new houses are already having full home automation systems installed during construction.
Cybersecurity experts said users should ask themselves how necessary some functionalities of devices are - do you really need your phone to tell you how many eggs are in your refrigerator? - and should call for greater scrutiny of IoT security from policymakers.
"The societal problem we have is there's more demand for products than there is for security," Dickson said. "Until consumers push for more security and ask elected officials to push for that in the form of regulations, it'll still be up to the manufacturers, and that's the case right now."