The Internet of Things is here to stay, but connectivity doesn’t have to come at the cost of security and privacy. Here’s what you should know.
Believe it or not, the first smart device in history came online
nearly 40 years ago.
In 1982, David Nichols, a graduate student at Carnegie Mellon University, got the idea to connect a Coke machine to a networked computer so that it could report its inventory and temperature. This scheme wasn’t nefarious or conniving. The
machine was a long way from his office, and he didn’t want to walk all that way to discover that it was out of stock or (worse) that it was freshly stocked with warm soda.
And just like that, the first internet-connected device came to be.
Heading into 2020, an estimated 50 billion devices comprise what’s known as the Internet of Things. From soda machines and ovens to security cameras and card readers, these internet-connected devices empower us to do incredible things while collecting data and quantifying our lives.
WHAT IS THE INTERNET OF THINGS?
The Internet of Things (IoT) is a term meant to describe the system of computing devices and digital machines (all with unique identifiers) that can transfer data over a network without the need for human interaction.
Your smartphone is a great example. It uses an internet connection to send and receive data on your behalf. Sometimes it sends data because you ask (when you search for something or send a text message), and sometimes it sends data in order to function properly (keeping the clock updated).
Thanks to growing network connectivity, IoT has become a revolution. Using IoT devices, consumers can leave a store with purchases in hand without stopping at a cash register. Your refrigerator can order food for you, and cities can even use networks of cameras to track and manage traffic.
Currently, the IoT professional services market is expected to grow from USD 79.0 billion (2018) to USD 189.2 billion by 2023 at a Compound Annual Growth Rate of 19.1% over the term. Industrial and transportation sectors are big drivers behind this growing connectivity as factory automation and smart transport and logistics engage in what’s been hailed as the 4th Industrial Revolution.
From an operational perspective, this makes sense. IoT- connected devices have gotten more sophisticated over the years, and the cost required to manufacture these devices and keep them connected to a network has steadily decreased. With such factors at play, some estimates put the number of connected devices as high as 1 trillion by 2025.
IoT devices will give us a more connected world but, depending on your perspective, that might not be such a great thing.
The Dark Side of IoT
Some IoT devices are technological wonders. Your smartphone is essentially a pocket-sized computer that connects you with the rest of the world from nearly anywhere.
But that connectivity comes at a cost. Automation and smart logistics are direct results of internet-connected and devices. The race for efficiency will cost jobs and force us to reevaluate how we think about work and productivity.
Mikko Hyppönen, one of the top computer security experts in the world, equates the Internet of Things with a carcinogen:
“Asbestos was such a great innovation. It looked like a miracle material, originally. Such a great innovation, which then decades later turned out to be the worst innovation.”
He believes that eventually anything that uses electricity will be online whether we like it or not. This isn’t necessarily a good thing. Hyppönen likens IoT to the “asbestos of the future”, pointing out that so much connectivity is dangerous to
our personal privacy and security.
“This,” he says, “is what our kids will hate us for.”
Vulnerabilities in IoT
Hyppönen’s comments have some merit, especially when if you consider that the Internet of Things has developed far faster than the technological infrastructure needed to support it.
In 2014, HP reported that fully “70 percent of commonly used IoT devices are vulnerable to cyberattacks and breaches.” This is driven home by the slew of high-profile breaches involving IoT devices, exposing the security and privacy issues the industry faces:
● Samsung smart TVs were found to have significant vulnerabilities: “a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume… This could be done over the web, from thousands of miles away.
● A flaw in D-Link webcams allowed hackers to view unencrypted video streams.
● Workers for Ring, the IoT doorbell company, were caught watching customer video feeds.
● Orvibo, a Chinese smart home solutions provider found they were “leaking billions of logs from devices… exposing a range of sensitive information about their users” (the server that was hacked was sitting in Amazon Web Services
with no password protection).
● Researchers at UTSA discovered security vulnerabilities in smart light bulbs that could allow hackers to “send commands via the infrared invisible light emanated from the bulbs to either steal data or spoof other connected IoT
devices on the home network.”
These security issues should justifiably worry us. It seems we’re connecting everything we can to the internet with no thought as to what threats it will expose us to.
If you’re worried, you’re not the only one. A report by the Internet Society and Consumers International found that 63% of consumers distrust IoT devices to protect their privacy and handle data in a responsible manner, and 28% of people who do not own a smart device will not buy one due to security
Solving IoT Security
Consumer concern has led to some government action.
The FCC is working to reduce cybersecurity risk by forcefully regulating internet security at the network level, as they’ve found that a “large and diverse number of IoT vendors…hinders coordinated efforts to build security by design into the IoT on a voluntary basis.”
On January 1, 2020, California’s new Internet of Things Security Law also goes into effect. The law is the first IoT-specific security law in the United States and requires all IoT devices sold in California to be equipped with “reasonable security measures.” For example, each device needs to have a unique password. Most new IoT devices will have to be built to conform to these standards or the manufacturer may not be able to sell their product in the California market.
While these strides are encouraging, the billions of IoT devices already in the wild are vulnerable. Companies and individuals who purchase and implement these devices need to take precautions to ensure that their data privacy and security vulnerabilities are minimized.
The Department of Justice suggests some of the following tactics:
● Research to ensure that devices being bought and used don’t have any known security flaws.
● Secure devices by changing default passwords, ensuring passwords are complex enough to be hard to hack, and downloading security patches.
● Ensure the network your IoT device runs on is also secure.
● Isolate IoT devices on their own network to minimize the “attack surface” available to a potential hacker.
● Don’t connect devices to the internet that don’t need to be connected.
Creating and maintaining a secure environment for our IoT devices seems pretty daunting — because it is. Security can’t be an afterthought; it has to be taken into account at every step to prevent lapses in privacy and safety. If you don’t feel comfortable securing yourself, find someone who can help you. Consult a local tech expert for your smartphone and/or personal laptop. A security operations consulting firm can provide guidance for your company or
Don’t ignore the vulnerabilities that surround you every day.
IoT & Business: Risk vs. Reward
Without a doubt, there are upsides to IoT. They’re a low-cost replacement for labor, they rarely malfunction, and they don’t need to rest or take breaks. IoT devices in the physical security space (cameras, alarms, etc.) provide real-time
security alerts, audit trails, geofencing, and more.
For a forward-thinking security system owner who wants state-of-the-art protection at a low cost, the rewards far outweigh the risk. This is especially true since automating through IoT solutions is proven to reduce maintenance and operation costs for just about any business or non-profit.
It’s not just a game-changer to be able to view camera feeds,track device status, and manage access control from across the room or across the world; it’s a fundamental transformation in the way we ensure the safety of the people, places, and things we care about.
The Internet of Things is here to stay. We won’t be returning to the old days of isolated but more secure environments. We need to plan for a future where IoT is a powerful, well-protected, and secure tool to make the world a safer place.
Those who choose to remain in the analog world will run the highest risk of obsolescence and inefficiency, and businesses who are left behind will struggle to compete in markets where technology never sleeps.
About the Author:
Jonah Schrowang is passionate about building great products and exciting, innovative solutions. As SiteOwl’s Product Manager, Jonah learns about the problems faced by security integratorsand system owners and works with the design and engineering teams to solve them.