The internet of things, often abbreviated as IoT, refers to physical objects or groups of such objects with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over the Internet or other communications networks. Internet of Things is a bit of a misnomer, as IoT devices do not necessarily connect to the internet; they could also be connected via Bluetooth or another wireless network. These devices are typically associated with the concept of the “smart home”, homes that are designed to utilize technology to automate and improve the home life. Some IoT devices have the potential to significantly improve the lives of their users, while others can pose some serious security risks.
The concept of a network of smart devices is a relatively recent phenomenon, dating back to 1982, with a Coca-Cola vending machine connected to the ARPANET. The machine was able to report its inventory and whether newly loaded drinks were cold or not. Computer scientist Mark Weiser wrote a paper in 1991 on ubiquitous computing, which established the contemporary vision of the IoT. However, the term itself originates from a speech by Peter T. Lewis in September 1985. According to Lewis, "The Internet of Things, or IoT, is the integration of people, processes and technology with connectable devices and sensors to enable remote monitoring, status, manipulation and evaluation of trends of such devices." There is not a significant, single development that led to the current state of the IoT; rather, technological advancements have gradually made computing technology smaller, cheaper, and more practical for a variety of applications beyond computers.
Today, a wide variety of “smart” products have become available to consumers, some more practical than others. One early example of IoT devices gaining popularity was the Ring doorbell, a camera attached to an integrated doorbell that allows people to stream the camera’s feed whenever it senses motion. Another company that found success in the early days of smart home technology was the Hue brand of light bulbs, known for providing control over the brightness and color of light bulbs via a simple tablet or phone app. These days, Google and Amazon are relatively dominant in their control over the smart home, thanks in large part to the Google Home and the Amazon Echo.
While the Amazon Echo is likely the most ubiquitous and well-known of the voice activated smart home hubs, with the Google Home right behind, others include Apple’s HomePod and Samsung’s SmartThings Hub. In addition to the commercial systems, there are many non-proprietary, open-source ecosystems, including Home Assistant, OpenHAB and Domoticz. All these devices are designed to allow the user to control things in their house or office with their voice, or occasionally a phone app. This can range from things as simple as turning on a lamp or playing music, to more complex applications depending on what other smart appliances are in the home. There are smart fridges, ovens, vacuums, and much, much more.
In addition to these more convenience-based applications in one’s home, there are many more important applications of the IoT you may be unaware of. For instance, all these simple automations can significantly improve quality of life for the elderly or individuals with disabilities. In addition, the internet of things is now vital in fields such as healthcare, transportation, manufacturing, agriculture, and more. The ability for devices to communicate with each other has become one of the most important developments of our lifetime, and it is important to acknowledge how it has grown well beyond applications in just smart-homes and other forms of simplistic, novel automation.
Now that I have established how the IoT is currently vital to modern infrastructure, it is time to discuss the dangers of the IoT. In 2012, video game developer Ubisoft made a huge splash at E3 with gameplay reveal of Watch Dogs. This gameplay showed a vigilante hacker character hacking things all over a near-future, semi-dystopian vision of Chicago. He hacked items such as traffic lights, trains, water pipes, bridges, and in the full version of the game, a climactic moment had him hack the pacemaker of one of the game’s antagonists. How is this fictional game from almost 10 years ago relevant to this topic? Well, nearly everything I described just then is possible using today’s technology.
Security is the biggest concern in adopting Internet of things technology, with concerns that rapid development is happening without appropriate consideration of the profound security challenges involved and the regulatory changes that might be necessary. Most of the technical security concerns are like those of conventional computers. Such concerns include using weak authentication, forgetting to change default credentials, unencrypted messages sent between devices, etc. However, in addition, many IoT devices have severe operational limitations due to the computing power available to them. These constraints often make them unable to directly use basic security measures such as implementing firewalls, and the low price and consumer focus of many devices makes a robust security patching system uncommon.
While you may not be that concerned about a hacker taking control of your Roomba, you probably should be. So the saying goes, a chain is only as strong as its weakest link; though not a perfect analogy, this applies to IT security as well. Often, hackers can use a vulnerability in a smart device as a mechanism to break into more important devices. Simultaneously, devices with cameras and microphones can be used to spy on their users, and you would be surprised at how much data these IoT devices can collect. Devices such as the Echo or Google Home are always listening for their “wake” word or phrase, so even if they appear dormant until you say that command, be aware that you may be recorded anytime you are around these devices.
The security risk surrounding IoT devices is not the only concern they have generated. In our prior blog post, when I wrote about identity and access management, that post was largely contained to apps and websites that collect user data. However, IoT devices are also legally collecting data on their users as well. Some aspects are helpful, and you may already be aware of them, such as the Roomba learning your floorplan to clean your home more efficiently. At the same time, now that Amazon has purchased Roomba, they will likely use that information to push relevant products onto their users, in addition to selling that information to other interested parties.
The internet of things is a simultaneously exciting and terrifying aspect of the modern technology landscape. It has improved the quality of life for hundreds of millions of people, and it is certain to only get more efficient and capable over time. However, we must be wary of this rapidly growing field, as it features many dangerous oversights in its capabilities. IoT devices are a nightmare for security and privacy, and like many other topics we have discussed on this blog, you should be hyper vigilant when it comes to technology that offers convenience while sacrificing the safety of you, your company, and your family.
Comments