Are We Going in the Right Direction as Far as IoT Devices are Concerned?

As more consumer devices are internet-enabled, privacy and safety issues have become hot button issues. Those who want to protect their own security can take steps to improve their IoT outlook.

580
A person holding a smartphone with two arrows in different directions
Illustration: © IoT For All

Where is the future of IoT going?

Technology journalists, engineers and even small business owners have been extolling the virtues of Internet of Things (IoT) devices since the term first became relevant. However, some experts are now warning against the unmitigated growth of these devices as they begin to enter into many areas that have never traditionally relied on digitization.

At one point, IoT specialists only ever designed applications for industrial sensors and smart security systems. Today, it’s possible to walk into a discount store and buy a toaster with WiFi capability.

As IoT technology interfaces with almost every single type of device imaginable, some people are beginning to ask whether the market is moving in the right direction as far as IoT equipment is concerned. On the other hand, many consumers don’t seem to be heeding even simple privacy warnings provided by manufacturers.

How Society Grew to Embrace Computers Everywhere

Back in the 1970s, some forward-thinking individuals like Paul Allen and Steve Wozniak were talking about a future where personal computers were affordable enough that everyone could have them. Pundits believed that such predictions were unrealistic, so few people tried to stop them. Larger competitors didn’t concern themselves with the situation, so legislators weren’t concerned about the possibility of monopolistic business practices.

Move a few decades forward in history and you’ll find that the companies these people started now controlled an entire market. Several major antitrust suits were filed as attorneys and other traditional powerbrokers desperately tried to rein in the tech industry. Push the fast forward button again and you’ll end up in an era where sensors are attached to everything and engineers are finding new IoT applications on a daily basis.

Production engineers still rely heavily on sensors attached to factory equipment while RFID and GPS technology has helped these same technologists follow supply chains. However, insurance companies have also offered policyholders discounts for adequate use of fitness wearables. Smart cameras and thermostats are now in a fairly sizable percentage of homes in a number of developed countries.

This is at least in part because, when IoT developers made these predictions, relatively few of those who heard their message really believed it. It was doubtful that anyone would be able to achieve this level of adoption, which in turn meant that there wasn’t really any reason for people to be concerned about the possible negative effects of widespread use of devices initially promoted as timesavers.

Mounting concern about this unprecedented level of growth is focusing on privacy and security issues as well as those dealing with health.

IoT Adoption Explosion in Every Sector

The IoT industry as a whole is projected to reach $3.77 trillion by the end of the year, which is growing over 3 percent according to a recent manufacturing industry report. It doesn’t seem like there’s much of a chance of it slowing down, either. One of the reasons that new telecommunications technologies have to be phased in is related to the fact that all of this infrastructure is generating a ton of data.

Privacy issues immediately become paramount as a result of this level of adoption. Since few controls were placed on IoT equipment in the past, lawmakers are trying to create a new legal framework that would set specific limits on what companies can do with the massive amount of data developers collect about those who use their products.

Terms of service agreements tend to spell out everything that a company plans to use someone’s information for, but it’s hard to tell whether or not all developers have played by their own rules. It’s very possible that some are starting to use data in ways that aren’t consistent with policies they’ve had their customers agree to.

Rogue actors could always take information and use it as they please. A disgruntled employee who steals plaintext files from work will have already committed a crime in the process. It’s therefore doubtful that they would be all that concerned about acting within the terms specified by an IoT device’s clickwrap license.

Governments around the world can also make demands regardless of whether or not such a demand would be in keeping with the spirit of a company’s privacy policy. Few developers would ever refuse a court-issued warrant. Due to the global nature of the internet, some data may have found its way onto a foreign server. If that happens to be in a country that doesn’t respect privacy very much, then users shouldn’t expect their own nation to go to bat for them.

On top of this, there’s the question of whether or not this data is secure from the consumer’s end.

Outside Security Issues Assaulting IoT Devices

Policymakers in Japan have authorized what constitutes a mass attempt to crack unsecured IP addresses in order to prepare for the 2020 Olympic Games in Tōkyō. By carrying out a series of nationwide cyberattacks, the Ministry of Internal Affairs and Communications hopes to find IoT devices that simply lack any sort of security at all. They’ll also be sniffing out devices that have common passwords like “admin” or “1234”.

Many users haven’t switched the default username or password on their devices, and experts have suggested that a majority of people aren’t aware of the existence of IoT control panels to begin with. Japanese is written using multiple character systems, and computer security experts will also probably try testing various common Unicode patterns to spot those who might never have touched a configuration screen.

Those who know the right port numbers could have easily accessed any of these devices. Even if manufacturers abide by their stated privacy guidelines, this doesn’t change the fact that people can connect to an unsecured device and start stealing data.

Perhaps the most dangerous situation occurs when users are unaware of the fact that something is transmitting data. While most smart home gadgets are forthcoming about the kind of data they send to a remote server, it seems that a comparatively small percentage of users take the time to fully read all relevant product data.

This is where SHODAN has come into play.

A Search Engine for IoT Devices

Search engines normally map resources that are fully visible. In some cases, IoT equipment could be making itself visible without users being aware of it. A search engine calling itself SHODAN has found that some 50,000 different devices were sharing keys on a single common port.

Chances are that a good number of these solutions were largely unnecessary. Consumers often purchase equipment that they don’t require and install it without configuring it. While this initial group of devices seems to have been cleared out, SHODAN continues to track countless pieces of equipment that transmit data streams without their owners knowing.

Inexpensive microcontrollers, like the Arduino module, are sufficient to add internet connectivity to almost any device imaginable. However, they often lack the capabilities to firewall a device. Even those like the Alexa Connect Kit that is backed by a major hardware vendor and rely at least in part on closed-source design are still vulnerable.

The big question in all of this is whether consumers really even need these innovations to begin with.

Consumers Are Putting Themselves at Risk with No Real Reward

In many ways, the greatest tragedy in all of this is the fact that consumers are getting very little reward out of what they’re risking. IoT devices work great in the security and industrial sectors, but there’s not much to be gained from using a smart teapot in a majority of residential settings.

Even the most useful devices may do relatively little in any situation where people wouldn’t much use the original piece of gear that’s being replaced.

For instance, someone who always opens their windows wouldn’t save any energy by installing a smart thermostat. In fact, they might end up using more electricity and sacrificing some level of privacy in the process.

Smart refrigerators might help to prevent food spoilage in commercial settings, but they wouldn’t do much to protect individual consumers. At times, it seems like people have gone full steam ahead without considering any of the consequences involved.

Which Direction is the Future of IoT Moving In?

Currently, the IoT sector is still too new overall to tell. However, it certainly does behoove the industry as a whole to educate consumers about the potential dangers they’re putting themselves in as well as the possibility of overreach by the government and third-party organizations. Some are even calling for the industry to slow down in order to better evaluate the situation.

By working with end-users, IoT developers can avoid the fallout that comes with negative publicity and help protect their investments.