Security and the Internet of Things

The Internet of Things (IoT) is a term meaning the network of physical things that collect and exchange data - a network of "smart" devices connected by the Internet.

If you live in a country that uses central heating systems and you recently installed a boiler, you might be part of the IoT - you may have a "smart" thermostat that allows you to control your winter heating while you are on holiday in Florida.

Other examples include washing machines that connect to your WiFi network so you can monitor them, more recent smart TVs, and numerous medical devices such as heart monitoring implants. Even some cars are Internet-enabled.

It's obvious that the IoT offers us a great deal when it comes to efficient management of our devices, for consumers, government and business. But there are significant reasons for concern, too.

The IoT has evolved in a haphazard manner, and is primarily driven by commercial interests. As is usually the case, the privacy and security of consumers are not their main concerns, and the potential for abuse is immense.

Privacy is an issue because more and more consumer data will be collected and potentially used in ways not foreseen. Consumer data is valuable, and is often sold on elsewhere, or provided to governments. Ideally, collected data should be anonymized, but this is difficult to regulate and consumers have no way of checking that this has been done - or of even knowing what data is being collected.

Security is also a major concern. Any device connected to the Internet is a candidate for hacking, and as the IoT becomes more pervasive, that may mean most of your house. If your manufacturer did a poor job of their device's security, your central heating system could be remotely controlled by someone malicious. Hackers have already demonstrated control of Internet-enabled cars. The FBI recently published a public service announcement warning about car hacking. It's also a scary thought having someone being able to view your security cameras. And can you trust the manufacturer of your device?

Given the number of industries and commercial interests involved, it is difficult to see how a standardized approach could be effective. Perhaps an accreditation programme will be necessary, where devices are submitted by manufacturers and audited for security and privacy. Consumers could then choose to only purchase devices that have been certified.

Industry is slowly realizing the magnitude of these concerns. The IoT Security Foundation was established in late 2015, and it will be interesting to see how they respond.

One thing is for sure, though. The IoT is here, and it's not going away. It is only going to get more inescapable as technology develops further. But are we sleepwalking into a privacy and security nightmare?

Posted by John Faulds in