{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:19:40Z","timestamp":1760059180038,"version":"build-2065373602"},"reference-count":35,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2025,5,28]],"date-time":"2025-05-28T00:00:00Z","timestamp":1748390400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Smart home devices and home automation systems, which control features such as lights, blinds, heaters, door locks, cameras, and speakers, have become increasingly popular and can be found in homes worldwide. Central to these systems are smart home hubs, which serve as the primary control units, allowing users to manage connected devices from anywhere in the world. While this feature is convenient, it also makes smart home hubs attractive targets for cyberattacks. Unfortunately, the average user lacks substantial cybersecurity knowledge, making the security of these systems crucial. This is particularly important as smart home systems are expected to safeguard users\u2019 privacy and security within their homes. This paper synthesizes eight prevalent cybersecurity challenges associated with smart home hubs through a systematic literature review. The review process involved identifying relevant keywords, searching, and screening 713 papers in multiple rounds to arrive at a final selection of 16 papers, which were then summarized and synthesized. This process included research from Scopus published between January 2019 and November 2024 and excluded papers on prototypes or individual features. The study is limited by scarce academic sources on open-source smart home hubs, strict selection criteria, rapid technological changes, and some subjectivity in study inclusion. The security of extensible smart home hubs is a complex and evolving issue. This review provides a foundation for understanding the key challenges and potential solutions, which is useful for future research and development to secure this increasingly important part of our everyday homes.<\/jats:p>","DOI":"10.3390\/fi17060238","type":"journal-article","created":{"date-parts":[[2025,5,28]],"date-time":"2025-05-28T10:21:13Z","timestamp":1748427673000},"page":"238","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Security Challenges for Users of Extensible Smart Home Hubs: A Systematic Literature Review"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-8423-1139","authenticated-orcid":false,"given":"Tobias R\u00f8dahl","family":"Thingnes","sequence":"first","affiliation":[{"name":"Department of Computer Science, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, H\u00f8gskoleringen 1, 7034 Trondheim, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5509-0184","authenticated-orcid":false,"given":"Per H\u00e5kon","family":"Meland","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, H\u00f8gskoleringen 1, 7034 Trondheim, Norway"},{"name":"Software Engineering, Safety and Security, Sintef, Strindvegen 4, 7034 Trondheim, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2025,5,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Corno, F., and Mannella, L. (2022, January 5\u20138). A Threat Model for Extensible Smart Home Gateways. Proceedings of the 2022 7th International Conference on Smart and Sustainable Technologies (SpliTech), Split, Croatia.","DOI":"10.23919\/SpliTech55088.2022.9854235"},{"key":"ref_2","unstructured":"Statista (2025, March 24). Global: Smart Home Number of Users 2019\u20132028. Available online: https:\/\/www.statista.com\/forecasts\/887613\/number-of-smart-homes-in-the-smart-home-market-in-the-world."},{"key":"ref_3","unstructured":"GMI (2025, May 12). Smart Home Market Size\u2014By Type, by Connectivity, by Price, by Application, by Distribution Channel, Forecast 2025-20349. Available online: https:\/\/www.gminsights.com\/industry-analysis\/smart-home-market."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Corno, F., and Mannella, L. (2023, January 20\u201323). A Gateway-based MUD Architecture to Enhance Smart Home Security. Proceedings of the 8th International Conference on Smart and Sustainable Technologies (SpliTech), Split, Croatia.","DOI":"10.23919\/SpliTech58164.2023.10193747"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Andrade, R.O., Ortiz-Garc\u00e9s, I., and Cazares, M. (2020, January 27\u201328). Cybersecurity Attacks on Smart Home During Covid-19 Pandemic. Proceedings of the 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4), London, UK.","DOI":"10.1109\/WorldS450073.2020.9210363"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"102045","DOI":"10.1016\/j.pmcj.2025.102045","article-title":"A black-box assessment of authentication and reliability in consumer IoT devices","volume":"110","author":"Lazzaro","year":"2025","journal-title":"Pervasive Mob. Comput."},{"key":"ref_7","unstructured":"Samsung (2024, November 18). Connect your home with Samsung SmartThings. Available online: https:\/\/www.samsung.com\/us\/smartthings\/."},{"key":"ref_8","unstructured":"Athom (2024, September 20). Homey\u2014A Better Smart Home. Available online: https:\/\/homey.app\/en-us\/."},{"key":"ref_9","unstructured":"Open Home Foundation (2024, September 19). Home Assistant. Available online: https:\/\/www.home-assistant.io\/."},{"key":"ref_10","unstructured":"Teeuw, M. (2024, November 19). MagicMirror2. Available online: https:\/\/magicmirror.builders\/."},{"key":"ref_11","unstructured":"openHAB Foundation (2024, September 19). openHAB. Available online: https:\/\/www.openhab.org\/."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1097\/01.NAJ.0000444496.24228.2c","article-title":"The systematic review: An overview","volume":"114","author":"Aromataris","year":"2014","journal-title":"Ajn Am. J. Nurs."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"n71","DOI":"10.1136\/bmj.n71","article-title":"The PRISMA 2020 statement: An updated guideline for reporting systematic reviews","volume":"372","author":"Page","year":"2021","journal-title":"BMJ"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"n160","DOI":"10.1136\/bmj.n160","article-title":"PRISMA 2020 explanation and elaboration: Updated guidance and exemplars for reporting systematic reviews","volume":"372","author":"Page","year":"2021","journal-title":"BMJ"},{"key":"ref_15","unstructured":"Elsevier (2024, September 10). How do I Search in Scopus?. Available online: https:\/\/service.elsevier.com\/app\/answers\/detail\/a_id\/34325\/."},{"key":"ref_16","unstructured":"Boutron, I., Page, M.J., Higgins, J.P., Altman, D.G., Lundh, A., Hr\u00f3bjartsson, A., and Group, C.B.M. (2025, April 17). Cochrane Handbook for Systematic Reviews of Interventions Version 6.5; Wiley Online Library. Available online: https:\/\/training.cochrane.org\/handbook."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Ogundipe, O., Nwafor, V., Ajuwon, A., Uwagboe, E., Ajisegiri, E., Adediran, A., Ikubanni, P., Onu, P., Ogunniyi, O., and Adeleke, A. (2024, January 2\u20134). Smart Home Innovations\u2014A Mini Review. Proceedings of the 2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG), Omu-Aran, Nigeria.","DOI":"10.1109\/SEB4SDG60871.2024.10630398"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"107721","DOI":"10.1016\/j.compeleceng.2022.107721","article-title":"ESSecA: An automated expert system for threat modelling and penetration testing for IoT ecosystems","volume":"99","author":"Rak","year":"2022","journal-title":"Comput. Electr. Eng."},{"key":"ref_19","first-page":"147","article-title":"A Study on Artificial Intelligence-based Security Techniques for IoT-based Systems","volume":"13","author":"Alsalhy","year":"2023","journal-title":"Fusion Pract. Appl."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Parocha, R.C., and Macabebe, E.Q.B. (2019, January 5\u20137). Implementation of Home Automation System Using OpenHAB Framework for Heterogeneous IoT Devices. Proceedings of the IEEE International Conference on Internet of Things and Intelligence System (IoTaIS), Bali, Indonesia.","DOI":"10.1109\/IoTaIS47347.2019.8980370"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Yahyazadeh, M., Podder, P., Hoque, E., and Chowdhury, O. (2019, January 3\u20136). Expat: Expectation-based policy analysis and enforcement for appified smart-home platforms. Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Toronto, ON, Canada.","DOI":"10.1145\/3322431.3325107"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Yang, L., Liu, X.Y., and Gong, W. (2020, January 6\u20139). Secure smart home systems: A blockchain perspective. Proceedings of the IEEE INFOCOM 2020-IEEE Conference on Computer Communications Workshops, Toronto, ON, Canada.","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9162648"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Kanchi, S., and Karlapalem, K. (2021, January 26\u201328). A Multi Perspective Access Control in a Smart Home. Proceedings of the 11th ACM Conference on Data and Application Security and Privacy, New York, NY, USA.","DOI":"10.1145\/3422337.3450324"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"2667","DOI":"10.1109\/TSE.2019.2960690","article-title":"Scrutinizing Implementations of Smart Home Integrations","volume":"47","author":"Mahadewa","year":"2021","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"906","DOI":"10.26599\/TST.2021.9010001","article-title":"Access control and authorization in smart homes: A survey","volume":"26","author":"Mohammad","year":"2021","journal-title":"Tsinghua Sci. Technol."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"167332","DOI":"10.1109\/ACCESS.2021.3136025","article-title":"A Comparison of Open-Source Home Automation Systems","volume":"9","author":"Setz","year":"2021","journal-title":"IEEE Access"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1007\/s40860-021-00160-3","article-title":"Securing the operation of Smart Home Systems: A literature review","volume":"8","author":"Amraoui","year":"2022","journal-title":"J. Reliab. Intell. Environ."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Wang, T., Zhang, K., Chen, W., Dou, W., Zhu, J., Wei, J., and Huang, T. (2022, January 18). Understanding device integration bugs in smart home system. Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, New York, NY, USA.","DOI":"10.1145\/3533767.3534365"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"2292","DOI":"10.1109\/COMST.2022.3201557","article-title":"A Survey on IoT-Enabled Home Automation Systems: Attacks and Defenses","volume":"24","author":"Wang","year":"2022","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"124167","DOI":"10.1109\/ACCESS.2022.3224806","article-title":"A Comprehensive Survey of Security Issues of Smart Home System: \u201cSpear\u201d and \u201cShields,\u201d Theory and Practice","volume":"10","author":"Yang","year":"2022","journal-title":"IEEE Access"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"664","DOI":"10.1016\/j.future.2023.08.019","article-title":"Complex online harms and the smart home: A scoping review","volume":"149","author":"Olabode","year":"2023","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"228","DOI":"10.1007\/s11390-023-2488-3","article-title":"On the Security of Smart Home Systems: A Survey","volume":"38","author":"Yuan","year":"2023","journal-title":"J. Comput. Sci. Technol."},{"key":"ref_33","unstructured":"Yu, Y., Xu, Y., Huang, K., and Liu, J. (2024, January 14\u201316). TAPFixer: Automatic Detection and Repair of Home Automation Vulnerabilities based on Negated-property Reasoning. Proceedings of the USENIX Security, Philadelphia, PA, USA."},{"key":"ref_34","unstructured":"OWASP (2024, November 21). OWASP Top 10:2021. Available online: https:\/\/owasp.org\/Top10\/A00_2021_Introduction\/."},{"key":"ref_35","unstructured":"OWASP (2024, November 21). OWASP IoT Top 10:2018. Available online: https:\/\/web.archive.org\/web\/20200416105630\/https:\/\/owasp.org\/www-pdf-archive\/OWASP-IoT-Top-10-2018-final.pdf."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/6\/238\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:42:18Z","timestamp":1760031738000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/6\/238"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,28]]},"references-count":35,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2025,6]]}},"alternative-id":["fi17060238"],"URL":"https:\/\/doi.org\/10.3390\/fi17060238","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2025,5,28]]}}}