Smart home and internet of things devices pose their own particular security risks, cybersecurity expert tells Hong Kong forum

Smart technologies in the home carry their own particular security risks, warned a cybersecurity expert in a debate on Hong Kong’s smart homes on Monday.

“There is a lot of personal data collected by internet of things (IoT) devices and smart home devices, even through the real world,” Ian Christofis, managing principal consultant with advanced solutions group, Thales eSecurity, said. “One major concern is how secure the devices are.”

The remarks were made during a panel discussion on smart homes, the latest session of the “Redefining Hong Kong Debate Series” organised by the South China Morning Post.

HKT in big push to bring the internet of things to the home

Cybersecurity has become a major concern in Hong Kong in the past week after the airline Cathay Pacific Airways disclosed a data breach of 9.4 million passengers seven months after its first discovery.

“We are seeing increasing incidents of large data breaches, Cathay Pacific being on top of the minds for all of us at the moment,” he said.

Christofis gave examples of collected personal data for connected living that could be hacked, such as feeds containing baby monitoring video footage for nursery and home activities.

“You want to watch your baby’s nursery video,” he said, “but not for other people to watch.”

Temperature sensors can also detect which person is in the room. This kind of personal information indicates living patterns such as when a person leaves home and returns.

Christofis explained that the security concerns are mainly with devices, aggregation points, and cloud services that the devices are connected to, whereas the privacy concerns are linked to how personal data collected will be used or reused.

He noted increasing large data breaches in recent times such as the Cathay incident: “The responsibility is definitely there with the major players … they should be encrypting all the personal data on servers as a key point,” he said, nothing that it is a trend for authorities to require mandatory notifications of breaches by companies in the European Union, Australia and some states in the United States. In Hong Kong, it is still voluntary.

Daniel Chun, General Manager of Remotec Technology, said Hong Kong is a distinct market for smart home technologies as people’s living spaces are smaller and many people live in rented properties.

While Hong Kong is behind the United States, Germany, Japan, Korea, Singapore and some mainland Chinese cities such as Shenzhen in terms of smart home penetration, opinion is divided on whether the city is ready for smart homes.

Florence Kong, architect and founder of design studio Fab-A-Matter, was confident that the city is ready for smart homes because the city’s high broadband connectivity and smart phone penetration rate make it “ideal for connected living”.

But Manav Gupta, founder and CEO of Brinc, believed the high cost of living and the large number of old buildings in Hong Kong make it difficult and expensive for customers and builders to retrofit connectivity.

Can the ‘internet of things’ help stimulate growth in Hong Kong?

He said it was easier to build smart homes in mainland China as a lot of buildings can be built from the scratch and there are many creative solutions there. “We all know Hong Kong is behind. But maybe they can leapfrog or find a unique approach to get ahead of everybody else by designing custom houses,” Gupta said.

Tony Yu, head of strategy and marketing at Schneider Electric, called for the government to encourage the localisation of smart home technologies because the local market is too small for international companies to customise for it.

One example is the lack of Cantonese language support in some devices sold globally. He also stressed the importance of integrating different applications to one platform to make it more user-friendly.