As digital transformation impacts more and more aspects of life, cybersecurity is becoming increasingly important. To better fend off manipulation and attacks, researchers are conducting analyses to identify vulnerabilities. The following case studies spotlight typical dangers and remedies.

Case 1: Smart home security check

When it comes to protecting one’s own home, the stakes—and requirements—are high. Demand for household appliances and multimedia devices continues to rise, particularly for solutions that allow users to centrally and remotely manage functions. Intelligent heaters, electronic door locks, smart washing machines, etc., capture highly sensitive personal data. This data can be exploited to identify the user and draw conclusions on their activities, medical history and much more. Should a hacker infiltrate the smart home system, the attack can spread throughout all connected devices.

Against this background, Fraunhofer IGD and TU Darmstadt researchers in an interdisciplinary CRISP project are developing a smart-building demonstration environment that can be employed to simulate external attacks. The basis is Fraunhofer IGD’s Smart Living Lab, which mimics a realistic apartment equipped with sensors for localization and activity recognition. The studies, data records, and manipulation attempts help provide key insights: How does normal activity differ from attacks? And how can these anomalies be detected and identified in data flows? The findings form the foundations for enhanced security solutions. In addition, the project aims to make a large proportion of data processing local, to avoid misuse of personal data from the very outset. (Contact: Julian von Wilmsdorff)

Case 2: Voice recognition security check

With so many PINs and log-ins for smartphones, tablets, desktop PCs and myriad other devices, it is no wonder users sometimes forget their passwords. Resetting them is usually simple—at least for personal accounts. When it comes to work environments, obtaining new credentials can be complicated. In major corporations, users typically need to apply for a new password via a cumbersome process. But there are solutions. For example, authentication by means of voice recognition software allows the user to set up a new password simply by making a telephone call. A personal identification number and a (relatively short) spoken sentence verify that the caller is who they say they are.

Fraunhofer IGD researchers are investigating a voice recognition system for potential vulnerabilities prior to its rollout. To this end, they tested the accuracy of the voice recognition function and its resilience to obvious attempts to circumvent it—such as playing recordings of a different person’s voice, or the use of voice-modifying technology available for free on the Internet. The system proved to be up to the task. And for project partners, this means the solution can be implemented with a clear conscience. Project Leader Olaf Henniger believes that voice, like artificial intelligence, will play an increasingly important role in human-computer interactions. “At the same time, artificial intelligence is being used to falsify voice signals. We will take new attack vectors such as this into account for future security evaluations.” (Contact: Olaf Henniger)