July 18, 2018
By far the most pressing issue that gives many potential users second thoughts when buying connected devices is security. And those concerns are not necessarily ungrounded: IoT security is virtually non-existent in many of the available devices and sensors.
Take one recent event from September 2016 as an example: hackers used 1.5 million hacked IoT devices to take down the website of a well-known security expert. According to Level 3, most of the affected devices were security cameras made by a Chinese manufacturer.
A month before these attacks, security researchers had demonstrated how easy it was to hack into a modern smart thermostat. By gaining access to those thermostats, the researchers were able to lock the devices from their remote position, leaving their users with no choice of having to unlock those.This hijacking example, which is common for personal computers, allows hackers to kidnap devices and to only give back control after getting paid a fee.
And the prospects look even worse: Gartner projects that by 2020 there will be 250 million connected cars, creating 250 million attack surfaces for hackers. Herein lies the reason for IoT security being a very important and pressing subject matter. If we put an IoT device in every object around us, we’d open ourselves up to attacks on every object around us. Worse than that, hackers does not have to contend themselves with “hijacking” one car or one house at a time, they can hijack millions of cars or houses simultaneously if a vulnerability exists. In other words, criminals can “scale” their attacks in a way never seen before outside in the real, physical world.
A closely related problem to security is privacy. Remember how iCloud got hacked back in 2014, with very private images of various celebrities being leaked on the internet? Now, imagine what could happen if you have a house full of devices that lack necessary security measures. By connecting our physical world to the internet, we can go from leaked images to leaked… anything. You can say that IoT has the potential remove the curtains, both real and metaphorical, that we use to protect our privacy.
But not only hackers pose a threat to privacy. The founders of iRobot, a popular robot vacuum cleaner, said that they are looking into selling the data they are collecting. That announcement was news for those who had acquired the mentioned device and didn’t know that their vacuum cleaner could be secretly spying or collecting information on them and their living space.
And this touches on the third big headache of the IoT…
One of the most pressing questions in the context of IoT is: Who does the data generated by IoT products actually belong to?
Before I had started working at WATTx, my first guess was the end customer. However, many IoT manufacturers and companies, just like iRobot, think differently, arguing that consumers only acquire licenses that allow them to use programs and software.
As more and more things around us get connected, the questions of who owns what, and what the consumers’ rights are, must be answered.
The standardization of the Internet of Things is a almost non-existent mess. This phenomenon is nothing unusual: every new technology goes through a time with competing standards. As a technology matures, standardization usually follows and the market decides on one standard for one specific use-case.
A good example of how the market dictates standardization is the battle between VHS and Betamax. One of the main reasons for people getting VHS and Betamax recorders was that they wanted to record movies from their TV. VHS let you record for three hours, while Betamax only let you record for 60 minutes, so most people tended to buy VHS players. In the end, that meant the death for Betamax.
However, in IoT, there is yet no clear winner among the many different standardizations and protocols you have for the different application areas.
To provide an understanding of why that may be a problem, let’s dive deeper into communication standards that are a core part of any IoT solution. Without communication standards, devices can’t talk to each other. One of the most known and used standards is WiFi which has become an essential part of life in most of the richer parts of the world. We utilize it in our homes, and in our workplaces, as well as in almost every café or restaurant we visit. Now imagine a world where you didn’t have WiFi but instead three different, incompatible versions. Your favorite café would be using one standard, your local restaurant another, while your home router used a third one. Chances are high, that phone manufacturers would settle for one or two standards, leaving you with no internet access on your smartphone in one of those three places mentioned above.
And here’s the thing: in the IoT space, we basically have at least three different communication standards for every use case. For example, if you want to create a long-range, low-power IoT solution you can choose between using LoRa, NB-IoT, and SigFox, just to name a few.
To conclude: If we want our IoT devices to be plug-and-play, without having to worry about whether or not our new smart thing will work effortlessly with other devices, we need standardization. Not only in regards to communication protocols, but also for every aspect of the IoT. If this list does not become shorter in the years to come, we will struggle with making the transformation from smart devices to intelligent solutions.
WE ARE WATTX
10 principles Ange Royall-Kahin has learned for managing innovation environments
We at WATTx want to know your opinions about IoT security. Participate and answer our...
It’s time we stop comparing ourselves to Silicon Valley and start offering something different