Scoring Methodology

This document outlines a scoring system for the components of a smart-home device. The weight given to each component and to its properties is derived from the threat model discussed below. The scoring system can be adapted to any deployment environment and threat model by changing the weight distribution across the components' properties.

Smart-home devices have four main components:

  1. The device – the hardware purchased.
  2. The mobile application – the companion mobile application that interacts with the device.
  3. Cloud endpoints – Internet services that the device or the mobile application communicates with.
  4. Network communication – Network traffic between each component (local and Internet traffic).
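The weighted model described above, carried through in code as an added example (not the original document's tool): every property is scored in [0, 1] with 1 meaning most secure, a component score is the weighted average of its property scores, and the overall score is the weighted average of the four component scores. The document does not publish its weight table, so `COMPONENT_WEIGHTS`, `PROPERTY_WEIGHTS`, the `LOCAL_ATTACKER_WEIGHTS` profile, the CVSS-to-score mapping and the sample assessment are all assumed placeholders chosen to illustrate the method; re-weighting for a different threat model is a matter of swapping in another weight table.

```python
import math

# Component weights (assumed values for illustration; they sum to 1.0).
# The document does not publish its weight table, so these are placeholders.
COMPONENT_WEIGHTS = {
    "device": 0.30,
    "mobile_application": 0.20,
    "cloud_endpoints": 0.25,
    "network_communication": 0.25,
}

# Property weights within each component (assumed; each set sums to 1.0).
PROPERTY_WEIGHTS = {
    "device": {"internet_pairing": 0.15, "configuration": 0.15,
               "upgradability": 0.25, "exposed_services": 0.20,
               "vulnerabilities": 0.25},
    "mobile_application": {"sensitive_data": 0.40, "programming_issues": 0.35,
                           "over_privileged": 0.25},
    "cloud_endpoints": {"domain_categories": 0.20, "tls_configuration": 0.45,
                        "vulnerable_services": 0.35},
    "network_communication": {"protocols": 0.30, "mitm_susceptibility": 0.40,
                              "encryption": 0.30},
}

# A second, assumed profile for a threat model centred on an attacker already on
# the home LAN: the device and the app weigh more, the cloud side less.
LOCAL_ATTACKER_WEIGHTS = {
    "device": 0.45,
    "mobile_application": 0.25,
    "cloud_endpoints": 0.10,
    "network_communication": 0.20,
}


def _check_weights(weights, name):
    """Reject weight tables that do not sum to 1.0; a silent mis-weighting skews every score."""
    total = sum(weights.values())
    if not math.isclose(total, 1.0, abs_tol=1e-9):
        raise ValueError(f"{name} weights sum to {total:.4f}, expected 1.0")


def cvss_to_property_score(worst_cvss_base):
    """Map the worst CVSS base score (0-10) among the device's services to [0, 1], 1 = no vulnerability."""
    return 1.0 - max(0.0, min(10.0, worst_cvss_base)) / 10.0


def score_component(component, property_scores, property_weights=PROPERTY_WEIGHTS):
    """Weighted average of a component's property scores; each score is in [0, 1], 1 = most secure."""
    weights = property_weights[component]
    _check_weights(weights, component)
    missing = set(weights) - set(property_scores)
    if missing:
        raise ValueError(f"{component}: no score for {sorted(missing)}")
    for prop, value in property_scores.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{component}.{prop}: score {value} outside [0, 1]")
    return sum(weights[p] * property_scores[p] for p in weights)


def score_device(assessment, component_weights=COMPONENT_WEIGHTS,
                 property_weights=PROPERTY_WEIGHTS):
    """Return (overall score, per-component scores) for one assessed device."""
    _check_weights(component_weights, "component")
    component_scores = {
        c: score_component(c, assessment[c], property_weights) for c in component_weights
    }
    overall = sum(component_weights[c] * component_scores[c] for c in component_weights)
    return overall, component_scores


# Constructed assessment of a hypothetical device: strong pairing and updates,
# a weak companion app (hard-coded secrets), one CVSS 7.5 service on the device.
EXAMPLE_ASSESSMENT = {
    "device": {"internet_pairing": 1.0, "configuration": 0.5, "upgradability": 1.0,
               "exposed_services": 0.5, "vulnerabilities": cvss_to_property_score(7.5)},
    "mobile_application": {"sensitive_data": 0.0, "programming_issues": 1.0,
                           "over_privileged": 0.5},
    "cloud_endpoints": {"domain_categories": 0.5, "tls_configuration": 1.0,
                        "vulnerable_services": 1.0},
    "network_communication": {"protocols": 0.5, "mitm_susceptibility": 1.0,
                              "encryption": 1.0},
}

if __name__ == "__main__":
    for name, weights in (("default", COMPONENT_WEIGHTS), ("local attacker", LOCAL_ATTACKER_WEIGHTS)):
        overall, parts = score_device(EXAMPLE_ASSESSMENT, weights)
        print(f"{name:>14}: overall={overall:.3f} "
              + " ".join(f"{c}={s:.3f}" for c, s in parts.items()))
```

Under the default profile the sample device scores 0.724 overall; under the local-attacker profile the same evidence scores 0.666, because the weak companion app and the CVSS 7.5 service now carry more weight. Keeping the weight tables separate from the evidence is what lets one assessment be re-scored per deployment environment.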

Device properties

The device properties are the following:
Internet pairing - The configuration of network credentials to connect the device to the Internet.
Configuration - The device configuration during the setup phase: creating an account, setting up preferences, etc.
Upgradability - The device's upgrade options. Does the device update automatically or require user interaction?
Exposed services - Visible running services on the device, like UPnP, mDNS, HTTP server, etc.
Vulnerabilities - Running services on the device that contain vulnerabilities, scored based on the Common Vulnerability Scoring System (CVSS).


Mobile Application properties

The mobile application properties are based on static analysis to identify three types of security issues:
Sensitive data - Sensitive data includes artifacts like API keys, passwords, and cryptographic keys that are hard-coded into the application.
Programming issues - Implementation errors and incorrect use of libraries, such as weak initialization vectors in cryptographic functions or guessable seeds to pseudorandom number generators.
Over-privileged - The mobile application requests permissions that are not required or used in the application code.
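The three static checks above, as an added example (not the original document's analysis tooling): regex detectors for hard-coded secrets and for the two programming issues named (a fixed IV passed to `IvParameterSpec` and a constant-seeded `java.util.Random`), plus an over-privilege check that compares the permissions a manifest requests against the Android classes that would need them. The `PERMISSION_MARKERS` table is a deliberately small assumption, not a complete permission-to-API map, and the Java source and manifest are constructed samples standing in for a decompiled companion app.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive data: patterns for secrets that should never be hard-coded.
SECRET_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("credential_literal",
     re.compile(r'(?i)(?:api[_-]?key|password|secret)\w*\s*=\s*"[^"]{8,}"')),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")),
]

# Programming issues: a fixed/zero IV and a constant PRNG seed.
PROGRAMMING_ISSUE_PATTERNS = [
    ("static_iv", re.compile(r"IvParameterSpec\(\s*new\s+byte\[")),
    ("seeded_prng", re.compile(r"new\s+(?:java\.util\.)?Random\(\s*-?\d+\s*\)")),
]

# Over-privileged: a permission counts as "used" if a class that needs it is
# referenced in the source. Simplified marker table (an assumption), not exhaustive.
PERMISSION_MARKERS = {
    "android.permission.ACCESS_FINE_LOCATION": ("LocationManager", "FusedLocationProviderClient"),
    "android.permission.CAMERA": ("android.hardware.Camera", "CameraManager", "camera2"),
    "android.permission.READ_CONTACTS": ("ContactsContract",),
    "android.permission.RECORD_AUDIO": ("AudioRecord", "MediaRecorder"),
}


def _scan_lines(source, patterns):
    """Return (line_number, finding_kind) for every pattern that matches a line."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in patterns:
            if pattern.search(line):
                findings.append((number, kind))
    return findings


def find_hardcoded_secrets(source):
    return _scan_lines(source, SECRET_PATTERNS)


def find_programming_issues(source):
    return _scan_lines(source, PROGRAMMING_ISSUE_PATTERNS)


def requested_permissions(manifest_xml):
    """Every android:name on a <uses-permission> element, in manifest order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]


def find_overprivileged(manifest_xml, source):
    """Permissions the manifest requests but nothing in the source appears to use."""
    unused = []
    for permission in requested_permissions(manifest_xml):
        markers = PERMISSION_MARKERS.get(permission)
        if markers is None:
            continue  # no marker known for this permission; cannot judge it
        if not any(marker in source for marker in markers):
            unused.append(permission)
    return unused


# Constructed sample inputs standing in for a decompiled companion app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.smarthome">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

SAMPLE_SOURCE = """\
public class DeviceClient {
    private static final String S3_KEY_ID = "AKIAEXAMPLEKEY123456";
    private static final String DB_PASSWORD = "hunter2hunter2";
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    IvParameterSpec iv = new IvParameterSpec(new byte[16]);
    Random rng = new Random(42);
    LocationManager lm = (LocationManager) getSystemService(LOCATION_SERVICE);
}
"""

if __name__ == "__main__":
    print("secrets:", find_hardcoded_secrets(SAMPLE_SOURCE))
    print("programming issues:", find_programming_issues(SAMPLE_SOURCE))
    print("over-privileged:", find_overprivileged(SAMPLE_MANIFEST, SAMPLE_SOURCE))
```

On the sample the secret scan reports lines 2 and 3, the programming-issue scan lines 5 and 6, and CAMERA and READ_CONTACTS are flagged as requested but unused while ACCESS_FINE_LOCATION is not, because `LocationManager` appears in the source. Permissions with no marker entry (INTERNET here) are skipped rather than guessed at, which keeps the over-privilege finding conservative.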


Cloud endpoints

The cloud endpoint properties are based on the assessment of services that the device and/or the mobile application communicate with.

There are three properties to inspect:
Domain categories - Domains fall into three categories: first-party, third-party, and hybrid. First-party domains are endpoints that are owned and managed by the vendor of the product. Third-party domains are endpoints that use external services like Google Maps. Hybrid domains are endpoints that are run on cloud infrastructures like Amazon or Azure but managed by the vendor of the device.
TLS configuration - TLS configuration refers to the proper setup of TLS/SSL including the use of trusted and valid certificates along with avoiding legacy versions of TLS/SSL with known vulnerabilities.
Vulnerable services - The deployment of vulnerable services on the cloud endpoint includes the use of cleartext authentication, misconfigured services, exploitable services, or the use of unsupported legacy operating systems as the host for the cloud endpoint.
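The domain-category and TLS-configuration checks above, as an added example (not the original document's tooling). Domain categorization follows the three classes defined in the text; the hybrid case is detected heuristically (a cloud-infrastructure hostname carrying the vendor's branding), which is an assumption of this example. The TLS evaluation works on already-observed parameters rather than connecting anywhere, so `TlsObservation`, the `PENALTIES` table and the vendor domain `example-iot.com` are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed vendor identity for a hypothetical product.
VENDOR_DOMAINS = frozenset({"example-iot.com"})
VENDOR_TOKENS = frozenset({"example-iot"})  # vendor branding expected in hybrid hostnames

# Suffixes of public cloud infrastructure on which a vendor may host endpoints.
CLOUD_INFRA_SUFFIXES = ("amazonaws.com", "cloudfront.net", "azurewebsites.net",
                        "cloudapp.azure.com", "blob.core.windows.net")

LEGACY_VERSIONS = frozenset({"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"})
MODERN_VERSIONS = frozenset({"TLSv1.2", "TLSv1.3"})
ASSESSMENT_DATE = date(2025, 6, 1)  # constructed "today" for the expiry check


def _under(host, domain):
    return host == domain or host.endswith("." + domain)


def categorize_domain(host, vendor_domains=VENDOR_DOMAINS, vendor_tokens=VENDOR_TOKENS,
                      cloud_suffixes=CLOUD_INFRA_SUFFIXES):
    """first-party: vendor-owned; hybrid: cloud infra but vendor-managed; otherwise third-party.
    Hybrid is a heuristic here: a cloud-infra host whose labels carry vendor branding."""
    host = host.lower().rstrip(".")
    if any(_under(host, d) for d in vendor_domains):
        return "first-party"
    if any(_under(host, s) for s in cloud_suffixes):
        labels = host.split(".")
        if any(token in label for token in vendor_tokens for label in labels):
            return "hybrid"
    return "third-party"


@dataclass
class TlsObservation:
    host: str
    accepted_versions: frozenset   # protocol versions the endpoint will negotiate
    chain_trusted: bool            # chain validates against a trusted root store
    hostname_matches: bool         # certificate covers the hostname contacted
    not_after: date                # certificate expiry


def evaluate_tls(obs, today=ASSESSMENT_DATE):
    """List configuration findings for one endpoint (empty list = clean)."""
    findings = []
    if not obs.accepted_versions & MODERN_VERSIONS:
        findings.append("no_modern_tls")
    legacy = sorted(obs.accepted_versions & LEGACY_VERSIONS)
    if legacy:
        findings.append("legacy_versions:" + ",".join(legacy))
    if not obs.chain_trusted:
        findings.append("untrusted_chain")
    if not obs.hostname_matches:
        findings.append("hostname_mismatch")
    if obs.not_after < today:
        findings.append("certificate_expired")
    return findings


# Assumed penalties per finding; the property score starts at 1.0 and floors at 0.0.
PENALTIES = {"no_modern_tls": 1.0, "untrusted_chain": 0.6,
             "hostname_mismatch": 0.6, "certificate_expired": 0.4}


def tls_property_score(findings):
    score = 1.0
    for finding in findings:
        score -= 0.3 if finding.startswith("legacy_versions:") else PENALTIES[finding]
    return max(0.0, score)


# Constructed observations; nothing here touches the network.
OBSERVATIONS = [
    TlsObservation("api.example-iot.com", frozenset({"TLSv1.2", "TLSv1.3"}),
                   True, True, date(2027, 1, 1)),
    TlsObservation("example-iot-firmware.s3.amazonaws.com", frozenset({"TLSv1", "TLSv1.2"}),
                   True, False, date(2027, 1, 1)),
    TlsObservation("maps.googleapis.com", frozenset({"TLSv1.2", "TLSv1.3"}),
                   True, True, date(2027, 1, 1)),
]

if __name__ == "__main__":
    for obs in OBSERVATIONS:
        findings = evaluate_tls(obs)
        print(f"{obs.host}: {categorize_domain(obs.host)}, "
              f"score={tls_property_score(findings):.2f}, findings={findings}")
```

The second observation is the instructive one: a vendor-managed bucket on Amazon infrastructure (hybrid) that still negotiates TLSv1 and presents a certificate for a different name, which drops its TLS property score to 0.1 even though the chain itself is trusted.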


Network Communication

The network communication properties are based on the observed network traffic between the three components, which are the smart-home device, the mobile application, and the cloud endpoint.

There are three areas to inspect:
Protocols - The use of third-party DNS, HTTP, UPnP, NTPv3, or custom protocols is considered under the protocol category. The security implications of these protocols are shown under the attack scenario section.
Susceptibility to man-in-the-middle (MITM) attack - Identifies whether the communication between device-to-cloud, mobile application-to-cloud, or mobile application-to-device is susceptible to a MITM attack.
Use of encryption - Identifies whether the communication between device-to-cloud, mobile application-to-cloud, or mobile application-to-device uses or lacks encryption.
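The three network-communication checks above, as an added example (not the original document's capture tooling): observed flows are grouped into the links the text names (device-to-cloud, mobile application-to-cloud, mobile application-to-device) and each flow is tagged with the protocol findings listed (third-party DNS, cleartext HTTP, UPnP, NTPv3, custom protocol), whether it is unencrypted, and whether a TLS session was established without validating the certificate, which is what makes a link MITM-susceptible. The addresses, roles, `LOCAL_RESOLVER` and flow records are constructed; real input would come from a packet capture.

```python
# Constructed addressing for a hypothetical home network.
ROLES = {"192.168.1.20": "device", "192.168.1.30": "mobile_app"}
LOCAL_RESOLVER = "192.168.1.1"   # the router's resolver; anything else is third-party DNS


def role(ip):
    """Map an address to device / mobile_app / lan / cloud (assumed classification)."""
    if ip in ROLES:
        return ROLES[ip]
    if ip.startswith("192.168.") or ip.startswith("239."):
        return "lan"
    return "cloud"


def flow_findings(flow):
    """Protocol and encryption findings for one observed flow."""
    proto = flow["proto"]
    if proto == "DNS":
        findings = ["unencrypted"]
        if flow["dst"] != LOCAL_RESOLVER:
            findings.append("third_party_dns")
    elif proto == "HTTP":
        findings = ["unencrypted", "cleartext_http"]
    elif proto == "TLS":
        # Encrypted, but a session the client accepted without validating the
        # certificate can be intercepted: that is the MITM-susceptibility signal.
        findings = [] if flow.get("cert_validated") else ["mitm_susceptible"]
    elif proto == "NTP":
        findings = ["unencrypted"]
        if flow.get("ntp_version", 4) < 4:
            findings.append("ntp_v3")
    elif proto == "UPnP":
        findings = ["unencrypted", "upnp"]
    else:
        findings = ["unencrypted", "custom_protocol"]
    return findings


def summarize(flows):
    """Findings per link, e.g. 'device-to-cloud', as a set."""
    summary = {}
    for flow in flows:
        link = f"{role(flow['src'])}-to-{role(flow['dst'])}"
        summary.setdefault(link, set()).update(flow_findings(flow))
    return summary


def encryption_property_score(summary):
    """Share of links on which every observed flow was encrypted (1 = all)."""
    return sum("unencrypted" not in f for f in summary.values()) / len(summary)


def mitm_property_score(summary):
    """Share of links with no MITM-susceptible session (1 = none susceptible)."""
    return 1.0 - sum("mitm_susceptible" in f for f in summary.values()) / len(summary)


# Constructed flow records, as a capture summariser might emit them.
FLOWS = [
    {"src": "192.168.1.20", "dst": "8.8.8.8", "port": 53, "proto": "DNS"},
    {"src": "192.168.1.20", "dst": "203.0.113.10", "port": 80, "proto": "HTTP"},
    {"src": "192.168.1.20", "dst": "203.0.113.11", "port": 443, "proto": "TLS",
     "tls_version": "TLSv1.2", "cert_validated": False},
    {"src": "192.168.1.30", "dst": "203.0.113.11", "port": 443, "proto": "TLS",
     "tls_version": "TLSv1.3", "cert_validated": True},
    {"src": "192.168.1.30", "dst": "192.168.1.20", "port": 8080, "proto": "HTTP"},
    {"src": "192.168.1.20", "dst": "203.0.113.20", "port": 123, "proto": "NTP", "ntp_version": 3},
    {"src": "192.168.1.20", "dst": "239.255.255.250", "port": 1900, "proto": "UPnP"},
    {"src": "192.168.1.20", "dst": "203.0.113.12", "port": 6000, "proto": "custom"},
]

if __name__ == "__main__":
    summary = summarize(FLOWS)
    for link, findings in summary.items():
        print(f"{link}: {sorted(findings)}")
    print(f"encryption={encryption_property_score(summary):.2f} "
          f"mitm={mitm_property_score(summary):.2f}")
```

On the constructed capture only the mobile application-to-cloud link is both encrypted and certificate-validated; the device-to-cloud link accumulates every protocol finding and the unvalidated TLS session, so the encryption property scores 0.25 and the MITM property 0.75 across the four observed links.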