Sales of smart home devices are expected to reach $1.4 billion by 2021, a 500 percent increase from the $90 million in 2016, according to new research from Ovum.
Ovum researchers Senior Analyst Francesco Radicati and Senior Practice Leader Michael Philpott said in the still unreleased "Smart Home Devices" forecast report that sales will be driven by the sale of security devices such as cameras, door locks and sensors, as well as utilities devices such as light bulbs and smart thermostats.
Overall, the authors believe the average home will have 8.7 devices, which brings the installed base of smart home devices to four billion.
Despite the massive growth of smart devices, Radicati told SC Media on Wednesday that security will continue to be a major issue. Smaller companies that are bringing their first products to market might not necessarily have the financial deep pockets, the expertise or the competitive imperative to build high-end security into their devices. As is the case in many start-ups, their goal will be to get their product to market and perhaps fix bugs in later versions.
According to the report, “there is a distinct gap between the number of smart home households and the take-up of dedicated smart home services. For example, on a worldwide basis, 15.5 percent of households will have adopted smart home security technology by 2021, but only 6.2 percent will be paying for a professional smart home security service.”
While voice-activated products, such as Apple Siri and Microsoft Cortana, and consumer products, such as Amazon Echo, require greater security and privacy considerations, IP-connected light bulbs and other innocuous devices can be successful if consumers rely on “herd immunity” rather than more sophisticated security updates, Radicati said.
Many consumers expect that security will be built in, he said, but often these are the same consumers who might use 123456 or aaaaaaaaa as their passwords. Often, consumers who purchase home security devices do not know how or why they should change the default access credentials on devices such as home routers, leaving “admin” and “password” as the default access login credentials. As a result, these consumers are more likely to be breached than those who change their login and passwords, he said.
While acknowledging that many vendors of smart home devices have been lax with their security, Radicati said that he expects vendors of devices such as security cameras to be improving their built-in security. Botnets, including the ones that were part of the massive DDoS attacks on the Dyn DNS service provider and security researcher and blogger Brain Krebs, included millions of internet of things (IoT) devices, such as IP-connected security cameras.
Ovum isn't alone in sounding the alarm about the explosive growth of IoT device and their possible security issues. Verizon Enterprise, publisher of an annual data breach report, issued a report this month stating that IoT is still trying to move past its “growth spurt” and improve security.
In fact, Verizon's take on IoT device security leaves little doubt that the company sees considerable vulnerabilities in these connected devices. “IoT devices are the ideal target for being conscripted as part of a botnet army,” according to Verizon.
“The underlying problem is that many IoT manufacturers are primarily designing their devices for functionality; and proper security testing often takes a back seat,” the report stated. “It's even more necessary with IoT devices that the buyer scrutinizes the security of any devices they use. IoT botnets spread quickly because they don't face some of the problems conventional botnets do, due to the fact that IoT devices are often rarely patched or updated.”
Ovum's Radicati concurred, saying that most users of IoT devices do not ever update security; rather, they expect the vendor to build in sufficient security before the product is sold.