KNX: 10 Steps to Secure Your Smart Home Against Cyber Attacks

Within the last 12 months, the hype around smart homes and buildings reached an incredible peak, leaving 50% of the overall population wanting at least one smart device in their homes.

Without a doubt, smart homes are on the rise, but besides the praising of smart homes and how it will change our future way of living, articles, posts and videos about security issues are almost as present.

For decades, firewalls, anti-virus tools and extra security have been regular terms whenever it came to the usage of a computer with internet connection. Who would have thought at this time that these terms were also applicable to the world of houses and buildings? No one, right? Well, probably by the time that every household started to have its own computer and internet connection, the thought that one day everyone would have even more powerful machines in their pockets (a.k.a., smartphones) and that even other devices, besides computers, would use the internet for handy purposes, was more a vision. Nowadays, the visions have become reality, especially affecting house and building automation appliances. Same as with any other devices, which are connected to a network, houses and buildings need the same protection from unauthorised intruders.

KNX_Picture 1 - Building automation as entry for hackers

Especially with the rise of the Internet of Things and the growing need to have almost every device at home connected to the internet opens countless doors to hackers, burglars and other mean-minded people, which want to have access to something they are not supposed to have. Technologies in general, but especially those connected to the internet, are vulnerable to attacks and therefore need special protection.

Let’s have a look at the easy but highly effective 10 tricks to properly secure your installation projects, big and small.

1. Fix all devices, so that they cannot be removed
Sounds obvious, right? However, fixing all devices and making the installation not accessible is mainly the way, how hackers are accessing an installation for unauthorised tempering. In many cases, hackers simply need to remove a device, resulting in worst case to full access to the installation, when it is not even password protected.

Therefore, always make sure that devices are well hidden and if visible, that they are properly fixed to the wall. This makes it harder for hackers to get access to your installation in the first place.

2. Home and building automation devices in cabinets with limited access
Needless to say that once a network device is easily accessible, it is not difficult for the hacker to access the whole network. Therefore, all devices, which control the smart home should be accessible only for authorised people, such as the system integrator and the building owner. If for any reason, each room (e.g., in hotels) need to have their own cabinet, simply lock the devices up in dedicated cabinets.

3. Mount devices in sufficient heights for outside areas
Knowing that a house’s door-lock and alarm system is controlled by a bus technology, makes it tempting for burglars with hacking experience to look for network access points on the outside. Easily accessible outside area devices, such as presence detector or even surveillance cameras, which are connected to the same automation system offer the best opportunities for that. So how protecting these devices from easy access? As easy as it sounds, the effective it is: mount the devices high enough for them not to be reached easily.

As burglars usually have to be quick and unsuspicious, it is very unlikely that they carry ladders with them in order to reach bus devices. Wouldn’t you agree?

4. Special anti-theft screws
Often used, but also mostly used as an entry door for hackers, especially in hotels, are light switches with bus access. However, special screws make it way harder for intruders, since they need special tools, which not every hacker is carrying with him.

KNX_Picture 2 - Special Anti-Theft screws

5. Usage of binary inputs
However, should the switches, despite the fixed mounting and special anti-theft screws still be a security threat to the installation for any reason, there is a very simple trick to make the installation safe again: binary inputs!

Binary inputs allow the usage of conventional switches, which are not directly connected to the home or building automation network. So even if the hacker would have access to the light switch and everything, which is behind it, the access to the actual network would still be missing.

6. Proper cabling
Now that all devices have been well secured and are hard to reach, another important aspect is proper cabling. Whilst power cables, which make the lamps light, do not offer access to the bus network, loosely hanging or easily accessible cables do! Therefore, cable ends should not be visible respectively hanging outside the wall on the inside and especially on the outside of the building.

7. Power Line Communication (PLC) - Electronic filters for encrypting messages
Although twisted pair cables are the most commonly used communication media, power lines allow the transmission of telegrams from one device to another. Using a power line installation, hackers even have it easier to access an according installation and temper with its applications. Although this might sound very techy, it is actually very simple: use electronic filters. These devices filters are used for incoming and outgoing signals, which do not only encrypt the telegrams but also limit them to one network.

To be put in easy words: When you are using power line as communication media, simply install them to make your installation safe.

8. Dedicated Ethernet network for house and building automation
Controlling your installation via Ethernet has many advantages, such as the controlling over long distances or with tablets and smartphones. This is great, but using the same network for building automation and other purposes makes it very easy for unauthorised people to access your installation. Simple access to the Ethernet can therefore be a threat to the whole installation. Therefore, the best is to always use a dedicated network for the house’s and building’s automation system.

9. Hot thing: Connection to the internet
The internet has evolved to an important part, especially in the recent world of home and building control. Showing-off the possibility to control your home with your smart phone is almost as important as the actual installation. Therefore, the building needs to be connected to the internet, otherwise I could not show off my great house, right?

Well, as we witnessed in the past, new technologies were regarded as hardly more than toys with unnecessary gimmicks, which no one wants or needs. However, the functionalities and applications for smart homes have rapidly developed from show-off-only functionalities to very handy applications, especially in terms of security and energy management. But as the internet allows hackers to access your computer and portables, so does it allow the access to your bus system!

The best way of course to protect your installation is to have no connectivity to the internet at all, but for almost all smart home solutions, this is not an option, especially under the aspect of the growing IoT discussion.

Therefore, in order to be protected against hackers from the worldwide web, it is necessary to protect the communication by means of a VPN connection, dedicated for the building automation system. Also some manufacturers are offering dedicated devices, which allow a communication via https.

However, it is recommended to fully evaluate, whether a connection to the internet is really necessary or not – Because without any connection of the automation system, there are also no entry points for hackers.

KNX_Picture 3 - Great possibilities by home and building automation10. Be smart and study available information
Pulling cables and realising solutions can definitely be fun and also bring in money. However, just jumping in the world of home and building automation without thinking of security aspects is just adding fuel to the flames regarding the current discussions about safety. So before you start planning your installation, check out, which information is available on the internet and make your installation already during the planning stage safe!

For this, various information is available online, such as checklists and papers and dedicated webpages, which will help you to ensure the highest security in your homes and buildings.

Although some of the points might sound obvious, they should always be taken into consideration, because as obvious they might be to you, as obvious they are for hackers and intruders as well. So start making your installation safe and do not give any chance to hackers to add more negative headlines about the great possibilities, which can be realised by home and building automation.

Article Categories