Safety and the IoT - For Better or Worse

Apr 29, 2016 - by Art Shectman

This is Part 3 of a series. Please click here for Part 1 and here for Part 2.

Applications that make use of the Internet of Things and its flood of data can be tremendously beneficial in very practical ways. There are problems, to be sure, but there is enormous promise. 

Take, for example, just one sector of the economy where the IoT has obvious uses. In transportation, the IoT can facilitate smart traffic control, fleet management and logistics, electronic toll collection, communication between vehicles, emergency assistance and more.

"Today's hot-button topics of the Internet of Things are security and privacy, two sides of the same coin."

 

If that’s not enough, consider the possibilities for managing transportation infrastructure. In the United States these days, we’re notoriously lacking when it comes to bridge and road maintenance, and we’re sometimes slow to identify problems before they become catastrophes. 

In 2007, the sudden collapse of Minnesota’s second busiest bridge killed 13 people. This was a bridge built in 1961 to existing construction standards. It even had a “smart” feature that was added in 2000: a system of temperature-sensitive nozzles designed to keep the roadway free of black ice. That was the bridge’s one and only concession to automated safety. 

A bridge built in 2016, however, can do more. Build it with smart cement that monitors its own structural integrity and issues an alert when it needs attention. Those same sensors can serve more mundane purposes. Enable them to detect icing on the bridge, and they can alert drivers to dangerous conditions. What if drivers don’t slow down? If they fail to heed the warning, their smart cars can make the decision for them.

Whether we want to cede control of our cars to the machines is, of course, a different question, and it points to aspects of the IoT that are worth at least a dash of skepticism.

Today’s hot-button topics of IoT concern are security and privacy, two sides of the same coin when we talk about the Internet in any guise.

The immediate obstacle is the absence of industry-wide standards, but it’s not a concern that is going utterly unaddressed. In September 2015, the Internet of Things Security Foundation set up shop with the aim of educating companies in the IoT space and establishing standards, best practices and certification guidelines for connected devices. While the IoTSF has brought a few large tech companies on board, its reach is hardly universal.

One thing that is universal is the risk, a risk demonstrated by the long list of connected devices that have been successfully hacked already. 

Cars have been hacked through a variety of entry points. Baby monitors have been compromised. A talking doll, Internet-connected and equipped with Google Translate and speech recognition software, was made to say words that parents would not appreciate.

Some hacks have been matters of life and death. In 2012, one security researcher demonstrated his ability to remotely control pacemakers, an ability with homicidal implications. Three years later, another researcher exposed vulnerabilities in insulin pumps that would allow a hacker to disable the pump’s alarm for inappropriate dosage. With a little more work, he found a way to change the dosage entirely, another hack with potentially deadly consequences. 

The silver lining, if there is one, is that these vulnerabilities weren’t uncovered by casual hackers but by security specialists, and manufacturers were quick to patch them once flaws became known. 

On the other hand, where security specialists go, malicious hackers are sure to follow. Given that their motives are generally financial, it may well be that they haven’t quite figured out how to monetize the IoT. It’s hard to believe that they’re not giving the problem some thought, and they have two important factors working on their behalf.

To begin with, there’s the nature of many of the companies producing the things that make up the IoT. Security has never been of primary concern to manufacturers of dolls, baby monitors, medical devices and home appliances. 

Cars, for all the processing power that’s now on board, have only recently been seen to need protection from hacking. It was enough to make them hard to steal and to adjust the mixture of air and fuel in the engine. Security in an online world was never a concern.

And that same attitude finds a parallel in the minds of users. We now have to think about securing things that never would have posed a threat until quite recently. Is my dishwasher the weak point that a hacker can exploit to gain access to my home network? Is it my light switch? My remote control?

For the IoT to flourish and to deliver on its promise, attitudes will have to adjust, but we shouldn’t count on users to do the adjusting. 

When “123456” has been the most popular password for three years running, IoT security needs nothing less than professional – dare we say “idiot-proof?” – intervention.