The Internet of Things, or IoT as most abbreviate it to these days is the concept of everything being connected. This initially refers to the Internet, however the more powerful concepts mean devices being connect to the Internet and to each other. But with great power comes great responsibility1, one which most consumers are completely unaware of.
The IoT has the potential to be really great. It’s a little bit cyberpunk, a little bit dystopian and a lot cool. It makes you feel like you’re really living in the future. Your fridge can order more milk for you before you even know that you’ve run out2, your water bottle can give you a handy hint that it might be time to re-hydrate3, hell you can even boil your wifi kettle on your way home from work so you don’t have to waste the three precious minutes of your life idly twiddling your thumbs waiting for it to boil when you actually get home4. The list goes on and on, bluetooth door locks, cameras inside your fridge so you can watch your vegetables rot in real-time, the ability to feed your pets whilst you sip strawberry daiquiris and watch a wonderful Caribbean sunset, basically if it’s a thing that exists you can probably find an Internet enabled version of it.
In many cases this can be (and is) great. Being able to leave your pets at home for a few days while you go away, and having them fed automatically is pretty neat and kind of liberating (the fact that you can’t just ask your neighbour to help you out anymore is a topic for another post). But as these devices begin to slowly permeate our day to day lives what happens when something goes wrong or doesn’t work quite like it’s supposed to? Imagine the service you trusted to feed your pets goes down for maintenance? Do you really want to cut your trip short and head home? Did you even get the email that said the PetFeedr2.05 API was having scheduled maintenance while you were away? Doesn’t matter. Your pets are now dead.
Perhaps that’s a bit harsh, but that’s the reality when you rely on third-party platforms to feed your pets. Now let’s try another scenario, imagine if you will that the PetFeedr2.0 consists of two components, the PetFood2.0 and the PetWater2.0 respectively providing food and water to your beloved furry pals. While you’re away your wifi router resets and through some freak of nature the PetFood2.0 can’t communicate with the PetWater2.0 anymore. Maybe these things can operate independently of each other, but what if (for the sake of argument), in this instance they can’t and since the code for these appliances was written by a stressed out, underpaid, emotionally fragile developer a bug exists (as so often does in software written by human beings) whereby when these two devices can’t connect to each other anymore, neither will work. Guess what? Your pets are now dead.
Even worse is that you are now solely responsible for the security of your home network and all the devices connected to it. This is literally a full-time job for someone with an IT qualification. Until home networks are able to be secured easily by anyone and are fault tolerant enough for the most non computer-savvy consumer then the IoT poses a threat not only to the security and privacy of the individual, but to the entire Internet. I’m not making this up. Recently a hacker created a botnet6 called Mirai which essentially searches the Internet for all these insecure IoT devices and then recruits them to do bad things. This was then used to attack a company called Dyn7 who just so happen to run some pretty critical pieces of infrastructure that power the Internet. What happens when Dyn are attacked by all these little IoT devices you ask? Well, the websites of some pretty major companies like Twitter, Netflix and Paypal go down. Also, most likely the website or API that’s powering the PetFeedr2.0 goes down too. Everybody’s pets are now dead.
So how can we fix this? The Internet of Things is happening whether you like it or not and just because you wouldn’t watch a movie on your fridge8 certainly doesn’t mean people shouldn’t be allowed to. The way I see it there are a few things that can be done in order to protect consumers and the rest of the world from these devices.
Manufacturers of IoT devices need to take more responsibility for security
The first being the security of their device. Backdoors, hard coded encryption keys and any other negligent security risk should be the responsibility of the manufacturer. Independent verification of the software and hardware of each device should be the rule rather than the exception. Clearly this is a difficult, expensive and resource intensive, however an alternative could be sought through the use of open-source software whereby the source code for every device could be reviewed independently by anybody.
Home networking needs to be more secure
This is one hundred percent the toughest issue because it involves people. If computer networking was easy the job title “Network Engineer” wouldn’t even be a real thing. Home networking involves unskilled people randomly connecting lots of things to their router, crossing their fingers and hoping that the whole mess works together. Most of the time it does, which is a testament to modern software but leaves consumers unaware of the potential risks they may be exposing themselves to.
The IoT needs a standard method of communication
Currently most IoT devices are proprietary. That means that if you want to use your smart kettle to tell your smart cup something you probably can’t without a whole lot of hassle. A clear set of standards for IoT devices to communicate certainly wouldn’t go amiss. I’m just going to leave this link to a guy who spent eleven hours trying to make a voice activated cup of tea here.
A small disclaimer
While this article may seem all doom and gloom it’s purpose really is just to highlight some of the current problems the Internet of things is facing. These are not insurmountable but clearly show an industry still in it’s infancy. As a concept IoT is hugely exciting and the future will bring all manner of devices both good and not so good that will challenge the way we currently live.
Not a real company. ↩