Avoiding a ‘Digital Break-In’ Part 1: My Home, My Data

26th February 2016 in Know How

The topic of data privacy is hotly debated in the media. In a time where major companies like Google and Facebook have access to vast amounts of personal data and use it actively, consumers are becoming increasingly aware of how visible they are online.

fitbitAs we embrace a more ‘connected’ lifestyle, keeping our personal data secure becomes more important than ever. Back in 2011, fitness tracker giant Fitbit (or rather, Fitbit wearers) suffered the embarrassing reality of finding their profiles were public and searchable in Google, with user’s exercise logs (including their activities in the bedroom) available for all to see.

Alongside wearables, smart homes haven’t escaped the media’s notice either. It seems each week sees a new article question the security of smart home technology, fuelled by reports of homes suffering from ‘digital break-ins’ and family members intimidated by the perpetrators.

Is Smart Home Technology Really As “Safe As Houses”?

There are several solutions available that promise to keep you and your family safe with round-the-clock intelligent surveillance at home. Whether you want to keep an eye on your pet whilst you’re at work or ensure the kids arrive home from school safely, the concept is a good one. The problem is that sometimes these solutions can be a bit of a Trojan horse and by bringing them into your home, you allow your personal data to be taken from the inside.

Many app controlled smart devices relay information about the home (temperatures, occupancy schedules, video recordings etc) to their external servers for processing. By storing information in the cloud, these solutions offer convenient control for the home. However, homeowners who opt for several devices (such as a smart thermostat, a smart webcam and a smart lock, for example) may have to cope with a separate app for each product, which can result in multiple clouds and a greater chance of a data breach.

Privatsphäre im Smart Home - Loxone

The Loxone Principle: My Smart Home, My Data

Here at Loxone, we’re often asked about the whereabouts of our customer data. Keeping customer data private has always been of utmost importance to us. After all, the majority of Loxonauts have Miniservers in their own homes and feel that personal data should remain, well, personal. In short, all the information the Miniserver gathers about you and your home stays within your Loxone Smart Home.

Everything is stored on and processed by the Miniserver

As you may already know, in a Loxone Smart Home everything is controlled by a central unit, the Miniserver. This forms the core of all intelligent automation activity throughout the home and acts like an autopilot for managing your lighting, heating, blinds, music and more.

The individual systems and devices within the home do not communicate directly via the Internet, but instead report to the Miniserver. What does this mean? It means that your lighting, heating or burglar alarm are not relying on an Internet connection in order to work. Any smartphones used to control the home, both locally and remotely, must therefore communicate via the Miniserver.

The Miniserver stores the data it needs directly on its SD card. Sensitive information such as the number of residents, daily behaviour and occupancy schedules, holiday dates, camera pictures, current status of the alarm system etc. remain within the home.

Login details for a Loxone web account (to buy products from the online shop for example) is completely unrelated to any Miniserver login information. This may seem obvious for a professionally installed solution like Loxone, however, many off-the-shelf solutions which are cloud-based have one account with one login that’s used for everything from buying add-ons to adjusting the temperature at home. The danger here of course is that this login can be a central point of attack.

Loxone Smart Home ohne Cloud

No Internet connection? No problem!

Many smart home solutions simply can’t run without the Internet, but since homes existed long before the Internet, we don’t feel it should be this way. That’s why the Miniserver can be operated with no Internet connection via the local network. Everything runs as normal with the exception of functions such as remote access, e-mail delivery, online weather data and push notifications.

Only essential information data is communicated via our Online Services

We offer a range of additional services that extend the functionality of your smart home. The use of these services is optional. Should you choose to use them, we communicate only the bare essentials to our servers, such as the serial number of the device (for Mailer and Caller services) or the IP address (for the DNS service). No personal information like name, address, usage habits or statistics are ever stored.

Of course, choosing suitable passwords and securing your mobile devices play a big part in keeping your smart home secure. In Part 2, we’ll take a look at some practical steps you can take as a smart home owner to ensure your data is kept safe.

If you have any technical questions regarding home security with the Miniserver, or you’d like to discuss your own project in more depth, please get in touch via [email protected], or alternatively, book a free consultation with our Partner Consulting team here.