Your Refrigerator. Appliance or Accomplice?
If hackers are hungry enough for information, your refrigerator is not off limits. They’re not interested in what’s inside it. Rather they want to get inside, gaining access to the computer network it’s connected to so that they can steal whatever information, online credentials or data they can get their hands on.
To a hacker, every Internet-connected refrigerator, Smart TV or Thermostat, it’s much more than an appliance. It’s an opportunity.
Consider what some hacker accomplished in September of 2016 when they scoured the web for IoT devices protected by little more than factory-default usernames and passwords, and then enlisted the devices in attacks that hurled junk traffic at online targets (Amazon, Twitter, Tumblr, Spotify and Netflix) until these targets could not accept legitimate traffic.
Connected technologies are developing at warp speed. At January’s global Consumer Electronics Show in Las Vegas, Nevada, Internet-connected appliances like refrigerators that can reorder food, Internet-enabled washer and dryers that can take multiple laundry loads at once, and a make-up mirror that offers makeup advice were among the latest high-tech, Internet-connected devices to make market debuts. And they won’t be the last.
This is the beginning
The Internet of Things concept first became popular in 1999 through the Auto-ID Center at the Massachusetts Institute of Technology (MIT). Ten years ago, the principal devices accessing the Internet were PCs and laptops – it was a simpler world to understand and describe. This rapidly changed, however, in the years that followed.
First, the smartphone changed the way people consumed online services and interacted with the world. Other computing devices followed; mainly consumer electronics but also additional industrial devices. Around 2010, the amount of devices scaled linearly with the number of users and growth was mainly through establishing new geographical markets and increasing uptake. It was still easy to tell what was connected to the internet and what was not.
Picking Up Pace
Around 2012, something dramatic happened. Connections to the internet started picking up beyond the linear scale with people and things started to grow at a greater pace than previously seen.
Researchers predict somewhere between 20-50 billion connected devices by 2020. If these predictions hold true, and there are conservatively 10 billion connected devices today, some 250 new devices will have to connect per second to fulfil this prediction. Regardless of the exact number, today the number of connected devices has already surpassed the world population of about 7.5 billion.
The public internet allows IoT devices to be sensed and controlled remotely, creating opportunities for more direct integration between the physical world and computer-based systems. This results in improved efficiency, accuracy and economic benefit. Each “thing” is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure.
"Things," in the IoT sense, can refer to a wide variety of devices such as heart monitoring implants, biochip transponders on farm animals, smart watches, learning or smart thermostats, automobiles with built-in tire pressure sensors or DNA analysis devices for environmental/food/pathogen monitoring. These devices collect useful data with the help of various existing technologies and then autonomously flow the data between other devices.The ability to network embedded devices with limited computing power, memory and power resources means that IoT finds applications in nearly every field, every industry. The opportunities are endless! (See our infographic).
The ultimate goal of IoT is to increase operational efficiency, power new business models, and improve quality of life. By connecting everyday objects and networking them together, we benefit from their ability to combine simple data to produce usable intelligence. In the 2014 Digital Universe Study, conducted by technology firm EMC and research firm IDC, the IoT was credited for creating new opportunities for business in five main ways:
- New business models: The IoT will help companies create new value streams for customers, institute processes that speed time to market, triage market performance, and respond rapidly to customer needs.
- Real-time information on mission-critical systems: With IoT, organizations can capture more data about their processes and products in a more timely fashion to create new revenue streams, improve operational efficiency, and increase customer loyalty.
- Diversification of revenue streams: The IoT can help companies create new services and new revenue streams on top of traditional products, e.g., vending machine vendors offering inventory management to those who supply the goods in the machine.
- Global visibility: The IoT will make it easier for enterprises to see across the business regardless of location, including tracking effectiveness and efficacy from one end of the supply chain to the other.
- Efficient, intelligent operations: Access to information from autonomous end points, as today’s smart grid already supplies to utility companies, will allow organizations to make on-the-fly decisions on pricing, logistics, sales, and support deployment, etc.
With these opportunities however comes a greater potential that more personal information and business data will exist in the cloud and be passed back and forth, and with that comes significant security implications. To capitalize on the opportunities that IoT brings will require not just networked connections but secure networked connection. Security is not just a top consideration, but one that is foundational to delivering on the promise of the vision.Sweet but not exempt from criticism
The IoT big public debate focuses on the balance of “security versus freedom” and “comfort versus data privacy”. The unease centers primarily on personal data that is automatically collected and could be used by third parties without people’s agreement or knowledge for unknown and potentially damaging purposes. Smart objects can accumulate a massive amount of data. Since this typically takes place unobtrusively in the background, we can never be entirely sure whether we are being “observed” when transactions take place. Individual instances of observation might seem harmless enough, but if several such instances were to be amalgamated and forwarded elsewhere, this could under certain circumstances result in a serious violation of privacy.
Irrespective of the data protection issues, there is also the question of who owns the mass amount of the data. This data could have significant commercial or social value, and an unclear view exists as to who would be entitled to use it and within what legal and ethical framework.
Somebody's Watching Me
The American Civil Liberties Union (ACLU) expressed concern regarding the ability of IoT to erode people's control over their own lives: "There’s simply no way to forecast how these immense powers -- disproportionately accumulating in the hands of corporations seeking financial advantage and governments craving ever more control -- will be used. Chances are Big Data and the Internet of Things will make it harder for us to control our own lives, as we grow increasingly transparent to powerful corporations and government institutions that are becoming more opaque to us."
Researchers identified privacy challenges faced by all stakeholders in the IoT domain, from the manufacturers and app developers to the consumers themselves. Challenges include:
- User consent: Somehow users need to be able to give informed consent to data collection. Users, however, have limited time and technical knowledge and may not grasp the data privacy implications.
Freedom of choice: Both privacy protections and underlying standards should promote freedom of choice.
- Anonymity: IoT platforms pay scant attention to user anonymity when transmitting data. Future platforms could, for example, use technologies so that users can't be too deeply profiled based on the behaviors of their "things".
Concerns have also been raised that the IoT is being developed rapidly without appropriate consideration of the profound security challenges involved and the regulatory changes that might be necessary.
Avoiding Criminal Connections
Computer-controlled devices in automobiles such as brakes, engine, locks, hood and truck releases, horn, heat, and dashboard have been shown to be vulnerable to attackers who have access to the onboard network. In some cases, vehicle computer systems are internet-connected, allowing them to be exploited remotely. By 2008 security researchers had shown the ability to remotely control pacemakers without authority. Hackers later demonstrated the ability to remote control insulin pumps. And, yes, refrigerators have proven vulnerable to hacking too.
Despite the concerns, the interconnectivity of things holds great promise. More smart, Internet-connected “things” mean more opportunities for businesses who take their cyber security seriously.