Internet of Things (IoT) 101

Introduction

Imagine this:

Your alarm goes off in the morning prompting your coffeemaker to begin brewing a fresh cup of coffee, your blinds open to let the sun in and your shower sets to your desired temperature.  As you drive to work your car accesses your calendar for the day and redirects you based on traffic conditions if you’re running late.  When you arrive at your job the thermostat adjusts your office to your ideal temperature and as you print some contracts the printer recognises it is low on ink orders more for itself. 

While you’re away from home an app on your phone will notify you if your house has been broken into, if there is smoke, if there is a water leak, if you left a window open, if you left any doors unlocked, and so much more via the various sensors installed within your Internet of Things connected home (known as a ‘smart home‘).

At the end of your workday you arrive home to your refrigerator assessing what ingredients you have and their expiry date to propose a dinner recipe to minimise food waste.  Once you accept a recipe the oven preheats to the appropriate temperature and cooking time to ensure the meal isn’t under or overcooked. While the food is cooking and you walk around the house the lights turn on and off automatically as you enter and leave each room.  Finally, it’s time for bed and your smart watch delivers a summary of your calories consumed, steps taken, and other metrics reporting on your progress toward your predetermined fitness goals on a health app. 

That is the Internet of Things in action. 

What is the Internet of Things?

Simply put, take any electrical device, connect it to the internet (or give it the capability to if it previously didn’t) and have it communicate and share data with other connected devices.  Beyond initial setup and permission setting IoT ecosystems require little human input and make decisions based on communication with other devices (such as the coffeemaker with the alarm) and the permissions granted.  The Internet of Things is the ecosystem of all of these devices and can also include, to list a few:

• A car
• An animal with a biochip transponder
• Fitness watch
• Home assistants (such as Amazon’s Echo and Google Home)
• A lightbulb switched on from a smart phone app
• Whitegoods such as refrigerators and toasters
• Driverless modes of transport
• A pet cat or dog’s collar

The advantages of making virtually all electronic devices connect to the internet and share, analyse and act on data is described in the introduction of this article.  They are the various conveniences to life where one either saves time, saves money, has to make less decisions, or simply stands up from their seat less.  It is of course a growing industry as you may expect with many predictions in our research suggesting over 40 billion connected IoT devices by 2025. 

Alright, let’s talk privacy & security

A simple principle to start with is to always keep in mind is that anything that’s connected to the internet can be compromised or otherwise hacked and IoT devices are no exception. 

Privacy issues & concerns

Living in a ‘smart home’ with numerous connected IoT devices means you are creating data regarding when you’re not home as well as a mountain of data about what you’re doing when you are at home.  A Federal Trade Commission report found less than 10,000 connected households can generate up to 150,000,000 discrete data points every single day.  The sheer volume of data created not only increases how much data a bad actor can attain but can also create an unwanted profile about you.  Insurance companies (car, health, life etc) can gather information about your habits when calculating insurance premiums for example.  Perhaps your health insurance premium will go up marginally each time your connected car is tracked at a fast food drive through?

Many devices such as the home assistants (such as Amazon Echo & Google Home) and others (such as Smart TVs) are developed to respond to voice prompts.  This capability alone means a vulnerability for these devices to capture sensitive conversations within your home exists.  The public domain is also entertaining IoT integration in pursuit of becoming so called ‘smart cities’.  Privacy concerns are related to mass surveillance, predictive policing, and perpetuation of normative behaviours such as billboards using hidden cameras to record the demographics of those who stopped to read an advertisement. 

To the reader as an individual user of technology these are the major privacy concerns – the sheer volume of new data being created about you and the fact that your home is no longer an inherently private place.  We could write more about the societal impacts, mass surveillance, and broader issues but that’s outside of the scope of this piece, it’s more about you today.

Security issues & concerns

IoT devices are vulnerable as they currently do not have the computational power to run serious security functions.  Whilst computer systems can be updated with security upgrades and patches, most IoT devices simply aren’t designed with this ability.  Vulnerabilities have the potential to go on for years without being addressed by which time support may finish or a manufacturer goes out of business. 

This means IoT devices are an easier target for bad actors compared to devices with computerised systems.  Partly to blame is the rapid growth of this industry with many manufacturers rushing to market at the expense of good security.  Because IoT devices are closely connected, all a bad actor has to do is exploit one vulnerability to manipulate all the data.  There are countless examples of security issues with IoT devices, here’s a few:

• Children’s smart watches with vulnerability allowing bad actors to access wearer’s location, listen in on conversation, and even communicate to the wearer!
• Toy Manufacturer Vtech losing videos and pictures of children using their connected devices
• Ring home security camera hack with the bad actor talking to the young girl in the room
• Over 100,000 cameras containing security vulnerabilities allowing them to be compromised easily

Your decision

Internet of Things devices may seem mostly gimmicky, their convenience benefits mostly insignificant, and timesaving mostly inconsequential.  For the most part it seems their appeal is also due to a desire to keep up with the Joneses through Conspicuous Consumption.  This may be minimal for some people while others strive aggressively to have the latest gadgets to flaunt to their family, friends, co-workers, or neighbours.  You may read this with the objection of noting that most IoT devices are relatively affordable to most people, which is certainly true as traditionally this was a domain for purchases with a large purchase price, the prices are coming down. 

We may be seeing a transition in what is traditionally owned by people and what is subscribed to adhoc.  One example is ride sharing apps now and driverless cars (which would effectively be taxis) in the future which may eliminate the need to own a personal vehicle.  It is said the younger generations are indeed living by the mantra of ‘buy experiences not things’ which basically says; spend X thousand dollars on a holiday with your family and not lay expensive Italian tiles in your home as the latter won’t bring you the same joy as the first (but the lovely tiles can be flaunted). 

Whilst IoT devices are things and they are affordable things they are also the enablers of experiences, namely experiences which can be regularly flaunted (unlike a holiday).  So, if we are indeed moving away from keeping up with the Jonse’s things we are likely moving toward keeping up with the Jonse’s experiences.  Those experiences lay within living a ‘connected life’ such as turning on the heater in advance of returning home with your guests after a dinner meal on a cold night. 

Your decision is do you indulge the IoT, embrace the conveniences and invest in the technologies – perhaps a connected or ‘smart home’ will have a higher value when it’s time to sell?  On the flip side of things is the heightened threat of a hack or compromise worth it? Is the loss of your home as a place for private interactions being able to take place worth it?  This is dependent on your personal circumstances, for example it may be necessary from a health or treatment perspective.  If you’re on the fence – simply ask yourself if you really need the advantages on offer. 

Conclusion & precautions

It’s likely most of us won’t be able to resist having a single IoT device in our lives given the rapid uptake of smartphones.  Increasing the number of connected devices and associated login accounts obviously increases the pool of our data which is out there to be breached (known as expansion of attack surfaces).  However, IoT devices and the connected ecosystem (the various endpoints) can be secured by following the general privacy-first practices (listed first) and IoT specific precautions as listed below:

• Protect IoT devices with a good, strong password or a password manager
• Enable 2FA when logging into your IoT device / portal
• Ensure you keep the software up to date
• Use a VPN – especially if you’re accessing your IoT devices away from your home / trusted network
• Install a reputable antimalware provider on all devices with internet connection possible, most operate on a subscription model offering protection on certain numbers of devices
• It’s a good idea to have your IoT devices run on a separate internet network to your home or work computers or laptops (create and run them on a guest network). This means if your IoT oven (for example) is compromised, it won’t act as a gateway to your laptop which stores more sensitive information
• Ensure the router or network your IoT devices connect to is secure and up to date as well.
• When you set up the device for the first time spend time checking the default settings and ensure they’re at their highest privacy level. Most default settings ensure maximum data collection for the vendor / provider. However, this can be greatly reduced by spending time adjusting settings for privacy without impairing the performance or capability of the device
• Only purchase IoT devices which you will experience a genuine and tangible benefit from as opposed to a gimmick that might save a few seconds. As soon as you don’t need a devices remove it from your network, perform a factory reset on the device, and formally close down your account with the provider (don’t forget to request they delete their stored data about you)
• Before purchasing research the companies behind the IoT devices, their data collection, storage, and use policies, their security history (have they been compromised in the past? If so how did they respond?), etc. Some may be highly rated for taking privacy and security seriously whilst it’s an afterthought for others. For example, it’s better to choose a device and provider which allows you to choose local storage rather than cloud storage or a device with tamper-resistant features where the device is disconnects from the network and disables itself if it is tampered with
• Keep IoT devices physically secured from theft in the event of a home break-in or similar opportunities for malicious theft such as hosting a party at your home. This is as simple as not leaving devices laying around in plain sight, but if they need to be can they be drilled down or mounted? It also extends to where you locate the devices at home – cupboards, studies, bedrooms, safes, and roof cavities are some good options to keep devices out of the main areas such as living rooms, dining rooms, and kitchens.

Privacy Rightfully supports the advancements in IoT particularly where medical treatment and support for those living in rural areas is concerned.  However, we would say the majority of IoT advantages (in their current form) within the private sanctuary of someone’s home are not worth the data being handed over or the security vulnerabilities just yet.  So for now, we’re happy to turn on our own coffeemaker thanks. 

This article is written in line with our Terms & Conditions and Disclaimer. As such all content is of a general nature only and is not intended as legal, financial, social or professional advice of any sort. Actions, decisions, investments or changes to device settings or personal behaviour as a result of this content is at the users own risk. Privacy Rightfully makes no guarantees of the accuracy, results or outcomes of the content and does not represent the content to be a full and complete solution to any issue discussed. Privacy Rightfully will not be held liable for any actions taken by a user/s as a result of this content. Please consider your own circumstances, conduct further research, assess all risks and engage professional advice where possible.