Stay dumb, stay disconnected

IoT, the Internet of Things, has been getting a lot of hype over the last few years. “It’ll make our homes smarter.” “It’ll make our cities more efficient.” “It’ll make commerce and industry better.” “It can even save lives.”

Imagine a smart home full of IoT devices. You’ve got:

  • A heater that knows you’re driving home and starts warming the house
  • A door lock that unlocks when you show your face
  • Lights that turn on when you get in, and turn off when you’re away
  • An oven that starts warming up because it knows you’ll be cooking dinner soon
  • A fridge that will notify you that the milk has expired
  • A washing machine and dryer that laundered your clothes just when electricity was cheapest while you were at work
  • A TV that turns on and goes to your favorite YouTube channel’s latest video just as you sit down for dinner
  • And, of course, Alexa listening on your Amazon Echo, constantly ready and waiting for your every command

Sounds great, doesn’t it? That doesn’t even include the traffic lights that stayed green for you ‘cuz you were going home late and nobody else was on the road, or the coffee maker at the office that knew you were just about to arrive and already brewed a fresh cup for you just as you got in.

While all these benefits of IoT are very real future possibilities, the threats to privacy and security that the Internet of Things poses are already present-day real-world problems, with no signs of getting fixed.

The privacy concerns are obvious: many of the benefits I mentioned require the devices to know your exact schedule, location, and habits. And since they often have to be connected to the internet or tracking you somehow to do all that, anyone on the internet could potentially hack into any one of them and start spying on you. Or, forget the hacks; cops can just get a warrant to force Apple/Amazon/Google to give them access to all your data and start spying on you in real time.

Think that’s too far-fetched? Well, I guess you’re right; the cops wouldn’t need a warrant. Amazon would just partner with them, and Google would just give it away. Meanwhile, Apple might put on a big show about standing up for users’ privacy, but they didn’t seem to have any qualms about sharing users’ data with the US NSA from 2007 to 2013, until Edward Snowden came along and leaked the PRISM Program.

But it’s the security concerns where things get interesting. Let’s go back to that smart home that I was talking about, and imagine a world where everyone lived in a similar home. Wouldn’t it be cool to be a criminal in such a world?

  • Instead of hiding in bushes to figure out when people aren’t home, just hack into random smart TVs/lights/ovens/fridges/washing machines on the internet to figure out when people aren’t home
  • Instead of trying to break down doors or pick locks, just hack into random smart door locks you can find on the internet and see which ones unlock
  • Instead of bugging someone’s house, just spy on them through their TV or Amazon Echo
  • Instead of vandalizing someone’s home, just turn their washing machine on to flood their floor, turn their fridge off to spoil their food, turn their lights/oven/heater on to raise their bill, and make their TV download illegal copies of movies to get them blacklisted by their ISP
  • And do all this from halfway around the world, behind a VPN

ʕ·ᴥ·ʔ: But, nobody would do such a thing, right?

Oh, no, of course not. There’s no such thing as petty, nefarious humans.

ʕ·ᴥ·ʔ: Phew! Good! Us bears neither!

So as you can see, securing a smart and connected home is much harder than securing a “dumb” and “disconnected” one. And as bad as the situation is with my imaginary smart home full of IoT devices, things get much worse when you go into the present-day Industrial Internet of Things, or IIoT.

Smart blackouts

The Industrial Internet of Things is just IoT devices as part of the industrial sector, like power plants and water treatment facilities. IIoT does bring some real benefits to these industries, like better data collection, saving staff the trouble of traveling to remote locations for maintenance, stuff like that. The thing is, a lot of very dangerous risks are introduced as well: risks that aren’t just in some imaginary future, but are already affecting our present way of life.

For example, if a power plant operator can control electricity-generating systems from miles away to keep them from failing, then a hacker can control those same systems from even more miles away to make them fail. And that’s not a hypothetical worst-case scenario; just ask the Ukrainians who lost power to their homes in December 2015, thanks to hackers all the way in Russia. Think that’s a one-off? They did it again in December 2016.

And it’s not just the electrical grid that’s at risk, either. There can be explosions at oil and gas facilities, water no longer flowing or being poisoned, and even nuclear reactor meltdowns.

ʕ  • ᴥ • ’ʔ: Scaaaaary! Why are we even doing this again?! Sounds like a terrible idea!

Because connecting all these systems to the internet gives us more access and control over them, allowing us to manage them more efficiently and easily, save money, make more money, provide convenience, etc. So there are some real benefits to doing all this.

ʕ  • ᴥ • ’ʔ: And real dangers!

Yes, real dangers too, because easier access and control for the good guys often also means easier access and control for the bad guys.

But that doesn’t mean we should give up on the idea of an Internet of Things. Actually, in all likelihood, we can’t give it up. This technology is coming, whether we want it to or not; and companies will embrace it, whether they do so intelligently or not. The benefits – potential and already realized – are just too great for us to ignore. So what we need to figure out is when we should use the Internet of Things, and when we should just stick with good, old-fashioned low-tech. And when we do do things the “smart” way, how to minimize the risks.

Dumb solutions

So let’s go back to that smart home full of IoT devices. How much of that stuff do you really need or want? Like, do you really need a heater or an oven that starts warming up just as you’re about to get home or just as you’re about to start cooking dinner?

ʕ·ᴥ·ʔ: Well, I guess not.

Would you rather try to secure the software and internet access on those things, or would you rather just use their low-tech counterparts that you don’t have to worry about?

ʕ·ᴥ·ʔ: Well, alright, that’s hard to argue with.

Now how about that washing machine and dryer? Sure, running when electricity is cheapest and saving money is great, but do you really need it to be connected to the internet? Like, wouldn’t it be enough to just put an internal clock on the machine and set it to start running at a specific time – the time when you know electricity is cheapest?

ʕ·ᴥ·ʔ: Hmm, yeah. And then there would be no internet connectivity involved.

Exactly. Go ahead and have a smart washing machine/dryer, just leave it disconnected from the internet.

The same can be said for a lot of the other stuff in our imaginary smart home:

  • Keep your smart fridge off the internet. Hey, if it really is smart, it’ll know that that open carton of milk is expired without having to ask Google.
  • Keep your smart lights off the internet. If they’re smart, they can just tell you’re around with Bluetooth, instead of needing an internet-facing app on your phone to tell them over the internet.
  • Keep your smart door lock off the internet. You only have one face; your smart door lock really doesn’t need Google Cloud AI Platform or IBM Watson to tell it who you are.
  • Keep your smart TV and Amazon Echo off the internet too when they don’t need it.

At the end of all that, you really only need your TV and speaker connected to the internet at any one time (not all the time) and none of that other stuff.

Feeling smarter by living dumber? Maybe you’re feeling good about your not-so-smart home but think that your smartphone is still too connected for your own good. Well, next month, I’ll be talking about how to secure your contacts, calendar, notes, and even passwords in case you can’t or aren’t willing to keep them dumb and disconnected.