Wednesday at the Samsung Developer Conference keynotethe company unveiled its new smart home security strategy: link all of your devices to a private blockchain so they’re all monitoring each other. If one smart appliance gets compromised, the others kick it out of the smart home club.
As Samsung expects bad actors to compromise personal devices at an increasing rate, the company considered several options to protect the many parts of a smart home, like phones, routers, TVs, and even appliances that could serve as vectors for attack. Currently, some Samsung devices have dedicated hardware like Knox chipsets on Galaxy phones that keep data safe, but even more complex security solutions would mean higher manufacturing costs and product price hikes.
The company’s solution, called Knox Matrix, is a novel application of blockchain tech on a very small scale, which could be an effective safeguard as people make their homes smarter.
To be clear, home devices that use Knox Matrix are only linked to a private blockchain, not any of the public ones tied to cryptocurrencies. It’s a local arrangement meant as an alternative to cloud-based verification: Instead of needing to verify software online, the devices themselves look out for cyberattacks.
Ahead of their presentations at the Samsung Developer Conference, Samsung principal engineer Bumhan Kim and senior product security engineer Shin-Chul Baik spoke to CNET through interpreters to explain how Knox Matrix works and how it can help users build a safer smart home.
“We want to ensure that people feel safe in the comfort of their own homes,” Kim said. “It’s not enough to think about security on every single device — we wanted to look at it more holistically.”
How a blockchain-protected home works
Knox Matrix-supporting devices, which will start arriving in 2023, form a trust chain. If you have, say, a smartphone, TV, router, smart refrigerator, air conditioner and washing machine, each checks on the other to verify that they’re all in working order.
It’s not likely that someone’s smart home will be targeted by the kinds of cyberattacks that befall big companies, but something like downloaded malware might make its way on to one device and attempt to spread through a network. Knox Matrix is designed to automatically detect intrusions and cut out devices that have been compromised to protect the rest.
To spot new types of malware and other harmful intrusions, Samsung formed a Threat Intelligence Team to monitor and detect new security threats to Galaxy devices and patch vulnerabilities. The relatively new team tracks threats on the dark web and deep web to watch for hacking trends and other vectors of attack. For instance, as more people turned to remote work during the COVID pandemic, the team saw more spyware and Trojan malware that piggybacks off innocuous messages to covertly install backdoors.
“We hope to gradually grow the team to increase the number of channels where they conduct monitoring so they can more proactively secure intelligence in order for us to quickly patch and respond to these possible threats,” Baik said.
To make sure a home network of devices is up to date, the Knox Matrix blockchain sees if each is using the latest software, and if not, prompts an update — or even downloads the file on one device and sends it over to the other that needs it.
Samsung currently updates phone and router software in monthly, quarterly and semi-annual patches, but will “also be integrating other devices into the security patches, including household appliances like TVs or refrigerators,” Kim said.
A network of trusted devices in a private blockchain has other benefits. They can share credentials, so if you want to sign into your Samsung account on your laptop but your ID and password are saved on your Galaxy Phone, you can — after verifying with biometrics like a fingerprint scanner — send those credentials over seamlessly.
Spreading Knox Matrix
The first wave of Knox Matrix products coming in 2023 will be exclusively from Samsung, but the company plans to make it an open ecosystem afterward. In two to three years, products from Samsung’s partners will be released that also tap into Knox Matrix protection.
This raises a big question: How many Knox Matrix-supporting devices will you need to buy to benefit from the private blockchain security? You only need two, Kim said. Internally, Samsung has decided how many devices for the blockchain concept work best, but it’s still finalizing what it will announce publicly. Examples mentioned in press materials include up to six devices.
Samsung isn’t rushing Knox Matrix out to deter a present threat, just to prepare for a more connected future.
“We’re not currently experiencing any increased attacks. We just want to stay a step ahead of potential attacks,” Kim said.
A Knox Matrix network could even better protect your smartphone. While Samsung says its phones are highly secure, mobile devices connected to the internet have more ways they can be attacked.
“If it’s connected with a large number of [Knox Matrix] nodes, which can mutually monitor each other for threats, then definitely there could be a high level of security in your phone,” Kim said. “It’s always better to go together than alone.”