nies like SmartThings and analyze what good and bad design principles are at work in their
product lines. People are installing and using such devices now, and the accompanying secu-
rity architecture is bound to set precedents and be leveraged in future versions of similar
products.
A lot of the functionality of these products is also currently being used to ensure physical
security—for example, when a house’s main door is unexpectedly opened at midnight, an
alert might be sent to the homeowner’s smartphone. As such, it is urgent for us to evaluate
the current state of security of such products, so we can learn how to secure them now and in
the future.
The SmartThings system can be used to control IoT products developed by third parties
too. Many companies are trying to figure out how to interoperate with devices manufactured
by others, so it is important to learn how to make all of our devices work with one another
securely. In this chapter, we will also take a look at the interoperability offered by Smart-
Things from a security perspective.
SmartThings
In this section, we will focus on the following components: the SmartSense Multi Sensor, the
SmartThings app, and the SmartThings Hub. Given the various ways the SmartThings plat-
form can be programmed using the app, our focus will be on testing the secure design of the
platform by analyzing the design and functionality of the app.
The SmartSense Multi Sensor (Figure 4-1) is a multipurpose device that includes a tem-
perature sensor, an accelerometer, and a magnetic open/close sensor for doors. In this chap-
ter, we will focus on the use case of the SmartSense Multi Sensor being used to trigger an
event when a particular door is opened or closed.
The SmartThings Hub (Figure 4-2) is the brain of the SmartThings platform. It connects
to all the sensors (including some third-party devices), allowing the user to be notified of
events that trigger based on the inputs the sensors receive. The Hub also connects to the
SmartThings cloud infrastructure, allowing the user to program specific triggers when the
sensors receive input.
CHAPTER 4: BLURRED LINES—WHEN THE PHYSICAL SPACE MEETS THE VIRTUAL(^86) SPACE