What is Internet of Things and how secure is it?

Internet of Things, or ‘IoT’, is a term you have probably come across before. But what does it do? And what does it mean? “What is IoT?” is a popular Google search term, and the first thing that appears on our search suggestions in relation to IoT. Some well-known examples of IoT devices include Amazon Alexa or a Samsung Fridge. There are some surprising devices that are IoT but it’s not as intimidating as it sounds.

In simple terms, IoT refers to a system of interrelated, internet-connected objects, that are able to collect and transfer data over a wireless network, without human intervention. At first, this can sound somewhat sinister as concepts drawn up by the Terminator are omnipresent. However, in reality, they are not actually artificially intelligent but instead follow a set of instructions e.g. turn on; turn off, turn heating up, turn heating down.

As you can see in the infographic above, there are a lot of connected devices that a typical household may have in their possession and use on a regular basis. This is on the rise and will continue to increase in the upcoming years. Why? Because of how our society is developing and consistently bringing new technology into our everyday lives. This, of course, is not a bad thing, but it should be something that homeowners and business owners are aware of due to security factors and potential cyber threats.

The potential for IoT devices seems endless. Professor Mathias Wahlisch from the University of Berlin elaborates the potential for IoT at home, painting an idealistic picture of the potential this could bring to our everyday lives:

“Imagine your fridge has the ability to monitor dates on the contents of it, your butter is expired… your doorbell rings with a delivery and it’s some more butter.”

However, the question is where and how this information is secured and what is done with it. Numerous tech giants have previously come forward in regard to privacy; Apple has apologised for an audio review scandal and Amazon have admitted their employees listen to Alexa conversations.

This has urged industry leading organisations to push for regulation of IoT devices and secure by default settings, meaning data protection by the default settings.

The additional issue is not only where it communicates, but how, and is it secure? Is it encrypted? Is it possible for a hacker to get into your network via the devices you have in the office or your home? Hacking personal data can not only be detrimental from a personal point of view, but also costs businesses and livelihoods billions a year by countries data. As of 2020, it has cost UK businesses £87 billion since 2015 and on a personal scale, the cost of cyber crime is £27 billion per year.

As this technology continues to become cheaper, its usage becomes far more omnipresent and therefore, as a consumer and business owner, you should always be aware of what is in your home or workplace. Regulation is essential to this part of the industry. Some larger tech companies shirk their responsibilities on to the consumer, when they should in fact be packaged and sold to you with a marking that details if the product has been proofed. Not only this, but it should also display clearly where the data is stored, or if it isn’t. IoT in the not so distant future will not only be recognisable with the wealthy, but with all walks of life and across multiple households.

The aforementioned lack of regulation is deeply concerning as it means products such as toys, cheap smart phones and lights are now on the market and are are untested and potentially exploitable for unsuspecting buyers. The DCMS (The Department for Digital, Culture, Media and Sport) are trying to counter this in partnership with IASME and two other organisations. Their proposal elements are;

  • The removal of default passwords from these devices meaning there is no barebones way of cracking products. This means they have essentially an individual pin.
  • A clear vulnerability management policy listed to retailers but buyers of the product listing known issues and ways to prevent.
  • Every product must have a defined life support, how long the product is going to be supported via updates etc.

Businesses are required to provide information on their product for it to receive, effectively, a rubber stamp of approval giving consumers the confidence when purchasing their goods. If companies are not concise with the data provided, they will be penalised accordingly.

IoT certification should be a must for all governments to protect not only its citizens, but also its businesses, because as an organisation you could be liable for damages if the fault is on your product. IASME is developing this program for manufacturers to proof their products for production but also to show governing bodies of this risk.

If you are a manufacturer interested in the Internet of Things certification pilot for FREE, please contact [email protected] for further information or here for the overview of the pilot program.