Is the convenience of a connected world worth the potential trade-off between security, privacy, and innovation?
According to a report by the Internet Society and Consumers International, 53% of consumers distrust IoT devices’ ability to protect their privacy and handle data responsibly, while 28% of non-owners refrain from purchasing IoT devices due to security concerns.
Physical security professionals understand the trade-offs between convenience, security, and privacy and often find themselves caught between these competing concerns. While the IoT is here to stay, connectivity doesn’t have to come at the cost of security and privacy.
Here’s what you should know.
First internet-connected device
Believe it or not, the first smart device came online nearly 40 years ago.
In 1982, David Nichols, a graduate student at Carnegie Mellon University, got the idea to connect a Coke machine to a networked computer to report its inventory and temperature. This scheme wasn’t nefarious or conniving. The machine was a long way from his office, and he didn’t want to walk to discover that it was out of stock or (worse) freshly stocked with warm soda.
And just like that, the first internet-connected device came to be.
Heading into 2020, an estimated 50 billion devices comprise comprise what’s known as the Internet of Things. From soda machines and ovens to security cameras and card readers, these internet-connected devices empower us to do incredible things while collecting data and quantifying our lives.
What is the Internet of Things?
The Internet of Things (IoT) is a term that describes the system of computing devices and digital machines (all with unique identifiers) that can transfer data over a network without human interaction.
Your smartphone is a great example. It uses an internet connection to send and receive data on your behalf. Sometimes, it sends data because you ask (when you search for something or send a text message); sometimes, it sends data to function properly (keeping the clock updated).
Thanks to growing network connectivity, IoT has become a revolution. Using IoT devices, consumers can leave a store with purchases in hand without stopping at a cash register. Your refrigerator can order food for you, and cities can even use networks of cameras to track and manage traffic. The IoT professional services market is expected to grow from USD 79.0 billion (2018) to USD 189.2 billion by 2023 at a Compound Annual Growth Rate of 19.1% over the term.
Industrial and transportation sectors are big drivers behind this growing connectivity as factory automation, smart transport, and logistics engage in what’s been hailed as the 4th Industrial Revolution.
From an operational perspective, this makes sense. IoT-connected devices have become more sophisticated over the years, and the cost required to manufacture them and keep them connected to a network has steadily decreased. With such factors at play, some estimates put the number of connected devices as high as 1 trillion by 2025.
IoT devices will give us a more connected world, but that might not be great, depending on your perspective.
The Dark Side of IoT
Some IoT devices are technological wonders. Your smartphone is essentially a pocket-sized computer that connects you with the rest of the world from nearly anywhere
But that connectivity comes at a cost. Automation and smart logistics are direct results of internet-connected and devices. The race for efficiency will cost jobs and force us to reevaluate how we think about work and productivity.
Mikko Hyppönen,, one of the top computer security experts in the world, equates the Internet of Things with a carcinogen:
“Asbestos was such a great innovation. It looked like a miracle material originally. Such a great innovation, which then decades later turned out to be the worst innovation.”
He believes that anything that uses electricity will eventually be online whether we like it or not. This isn’t necessarily a good thing. Hyppönen likens IoT to the “asbestos of the future”, pointing out that so much connectivity is dangerous to our personal privacy and security.
Vulnerabilities in IoT
Hyppönen’s comments have some merit, especially if you consider that the Internet of Things has developed far faster than the technological infrastructure needed to support it.
In 2014, HP reported that “70 percent of commonly used IoT devices are vulnerable to cyberattacks and breaches.” This is driven home by the slew of high-profile breaches involving IoT devices, exposing the security and privacy issues the industry faces:
- Samsung smart TVs were found to have significant vulnerabilities: “A relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume… This could be done over the web from thousands of miles away.
- A flaw in D-Link webcams allowed hackers to view unencrypted video streams. Workers for Ring, the IoT doorbell company, were caught watching customer video feeds. Orvibo, a Chinese smart home solutions provider, found they were “leaking billions of logs from devices… exposing a range of sensitive information about their users” (the hacked server was sitting in Amazon Web Services with no password protection).
- Researchers at UTSA discovered security vulnerabilities in smart light bulbs that could allow hackers to “send commands via the infrared invisible light emanated from the bulbs to either steal data or spoof other connected IoT devices on the home network. ”These security issues should justifiably worry us. It seems we’re connecting everything we can to the internet without thinking about what threats it will expose us to.
If you’re worried, you’re not the only one. A report by the Internet Society and Consumers International found that 63% of consumers distrust IoT devices to protect their privacy and responsibly handle data, and 28% of people who do not own a smart device will not buy one due to security concerns.
Some IoT devices are technological wonders. Your smartphone is a pocket-sized computer connecting you with the rest of the world from nearly anywhere.
But that connectivity comes at a cost. Automation and smart logistics are direct results of internet-connected and devices. The race for efficiency will cost jobs and force us to reevaluate how we think about work and productivity.
Mikko Hyppönen, one of the top computer security experts in the world, equates the Internet of Things with a carcinogen:
“Asbestos was such a great innovation. It looked like a miracle material originally. Such a great innovation, which then decades later turned out to be the worst innovation.”
He believes that anything that uses electricity will eventually be online whether we like it or not. This isn’t necessarily a good thing. Hyppönen likens IoT to the “asbestos of the future”, pointing out that so much connectivity is dangerous to our personal privacy and security.
Defending Against Threats and Physical Attacks in the Connected World
In light of the growing prevalence of IoT systems, addressing the security challenges and potential security threats that arise is critical. As IoT systems gain momentum, physical attacks like tampering and unauthorized physical access to devices and control systems become viable risks, necessitating vigilant security teams and robust security solutions to counter such threats.
To mitigate these security risks, stringent security measures are paramount, including:
- Establishing comprehensive security protocols
- Implementing secure APIs
- Deploying firmware with strong certifications,
- Ensuring data protection through robust authentication mechanisms
- Collaborating across sectors to enhance the resilience of IoT systems
Additionally, IoT devices operating on network edges require heightened defense against physical attacks and firmware tampering due to the potential for a single compromise to trigger a chain reaction of vulnerabilities.
Solving IoT Security
Consumer concern has led to some government action.
The FCC is working to reduce cybersecurity risk by forcefully regulating internet security at the network level, as they’ve found that a “large and diverse number of IoT vendors…hinders coordinated efforts to build security by design into the IoT voluntarily.”
On January 1, 2020, California’s new Internet of Things Security Law also goes into effect. The law is the first IoT-specific security law in the United States and requires all IoT devices sold in California to be equipped with “reasonable security measures.” For example, each device needs to have a unique password. Most new IoT devices will have to be built to conform to these standards or the manufacturer may be unable to sell their product in the California market.
While these strides are encouraging, the billions of IoT devices already in the wild are vulnerable. Companies and individuals who purchase and implement these devices must take precautions to minimize their data privacy and security vulnerabilities.
The Department of Justice suggests some of the following tactics:
- Research to ensure that devices being bought and used don’t undermine your network security.
- Secure devices by changing default passwords, ensuring passwords are complex enough to be hard to hack, and downloading security patches.
- Ensure the network your IoT device runs on is also secure.
- Isolate IoT devices on their network to minimize the “attack surface” available to a potential hacker.
- Don’t connect devices that don’t need to be connected to the internet.
Creating and maintaining a secure environment for IoT devices seems daunting. Security can’t be an afterthought; it has to be taken into account at every step to prevent lapses in privacy and safety.
If you don’t feel comfortable securing yourself, find someone who can help you. Consult a local tech expert for your smartphone and/or personal laptop. A security operations consulting firm can guide your company or organization.
Don’t ignore the vulnerabilities that surround you every day.
IoT physical security solutions are here to stay
Without a doubt, there are upsides to IoT. They’re a low-cost replacement for labor, rarely malfunction, and don’t need to rest or take breaks. IoT devices in the physical security space (cameras, alarms, etc.) provide real-time. The rewards far outweigh the risks for a forward-thinking security system owner who wants state-of-the-art protection at a low cost.
Elevate your IoT physical security strategy with SiteOwl, the world’s first unified lifecycle management platform for the security industry. Utilize purpose-built mobile and web apps to streamline design, installation, service, and vendor oversight. Gain actionable insights for optimized security investment. Embrace the future of security management with SiteOwl.
Request a demo today!
