The Internet of Things (IoT) is the network of physical objects or “things” embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data. Examples of IoT devices include networkable ovens, light switches, light bulbs, coffeemakers, irrigation systems, thermostats, and surveillance cameras. The list is non-exhaustive and is still expanding. IoT devices are becoming ever more common inside people's homes.
Some IoT devices have poor security designs. They may have weakly protected processors, weak software implementation providing little or no security, or other security vulnerabilities. Hackers or malware may be able to easily exploit these poorly-secured IoT devices and use such IoT devices as bases from which attacks against other targets in the home network can be launched. As IoT devices may be trusted entities within a home network, hackers or malware may be able to hide behind the identity of trusted IoT devices and disguise themselves as also being trusted.
Home users do not always have the resources or knowledge to properly secure their home networks. Sophisticated solutions exist to help enterprise users manage their complex networks, but these solutions require the resources or knowledge of a dedicated information technology (IT) department, which may not be available to home users.
Wireless local area networks (WLANs) deployed within home networks may have a few well-known security issues. Wi-Fi Protected Access (WPA)-Personal (also known as WPA-pre-shared key, or WPA-PSK) or its equivalent for Wi-Fi Protected Access II (WPA2) (known as WPA2-Personal or WPA2-PSK) is the most common mechanism used to secure home WLANs. With standard WPA-Personal or WPA2-Personal, the same passphrase is shared with all client devices. Therefore, if one device is breached by a hacker or malware and the WLAN passphrase stored on it is compromised, the hacker or the malware may connect to the home network via the WLAN connection while pretending to be a legitimate device on the home network, may eavesdrop on the communications of other devices even if those communications are encrypted, or may impersonate another legitimate device. Furthermore, to change the passphrase of the WLAN, each and every device on the WLAN needs to be individually reconfigured with the new passphrase. Further still, a guest to the home may request the passphrase in order to temporarily utilize the host's WLAN connection. If the host user provides the guest with the WLAN passphrase, then the host user may lose control over the passphrase, which is shared across all devices on the WLAN.
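The following added example (not part of the original text) illustrates why a shared passphrase gives no isolation between devices on a WPA2-Personal WLAN: every device derives the same pairwise master key (PMK) from the passphrase and SSID, and a session's pairwise transient key (PTK) is computed from that PMK plus MAC addresses and nonces that are sent unencrypted in the four-way handshake. The SSID, passphrases, MAC addresses, nonces and function names are constructed for illustration.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated
    out = b""
    for counter in range((nbytes + 19) // 20):
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    # Every input except the PMK is visible on the air during the handshake.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)  # 48 bytes for CCMP

# Constructed sample values (not taken from any real network).
SSID = "ExampleHome"
PASSPHRASE = "constructed-sample-passphrase"
AP_MAC = bytes.fromhex("020000000001")
THERMOSTAT_MAC = bytes.fromhex("020000000010")
ANONCE = bytes(range(32))        # nonce sent by the access point
SNONCE = bytes(range(32, 64))    # nonce sent by the thermostat

def shared_passphrase_demo() -> dict:
    thermostat_pmk = derive_pmk(PASSPHRASE, SSID)
    camera_pmk = derive_pmk(PASSPHRASE, SSID)  # second device, same passphrase
    thermostat_ptk = derive_ptk(thermostat_pmk, AP_MAC, THERMOSTAT_MAC, ANONCE, SNONCE)
    # The camera took no part in the thermostat's handshake, yet its PMK plus
    # the cleartext handshake values reproduce the thermostat's session key.
    ptk_from_camera = derive_ptk(camera_pmk, AP_MAC, THERMOSTAT_MAC, ANONCE, SNONCE)
    # Changing the passphrase changes the PMK for every device at once,
    # which is why each device must be reconfigured individually.
    rotated_pmk = derive_pmk("constructed-new-passphrase", SSID)
    return {
        "same_pmk": thermostat_pmk == camera_pmk,
        "same_ptk": thermostat_ptk == ptk_from_camera,
        "rotation_changes_pmk": rotated_pmk != thermostat_pmk,
        "ptk_len": len(thermostat_ptk),
    }

if __name__ == "__main__":
    print(shared_passphrase_demo())
```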
Some of the drawbacks associated with WPA-Personal or WPA2-Personal as described above may be mitigated by an alternative known as WPA-Enterprise or WPA2-Enterprise. However, deployment of WPA-Enterprise or WPA2-Enterprise may be infeasible within a home WLAN as it may require the resources or knowledge of a dedicated IT department. Moreover, WPA-Enterprise or WPA2-Enterprise may require computational capabilities from client devices that may be unavailable on some IoT devices.