Conversations around the impending Internet of Things (IoT) revolution tend to go one of two ways. The more technologically receptive see the possibilities as exciting, and await the future of self-stocking fridges and smart-jackets with glee. The smart home, the smart city - the future is connected and the effect this will have on our lives is tremendous. Others, though, look at the IoT and see a plethora of security and privacy issues, almost all of which are well-founded.
Mobile phones faced - and continue to face - similar reservations when they became connected, and the wearable technology adorning people’s wrists is simply further behind on the acceptance arc. The problems facing wearables in particular, though, are so wide-ranging as to be daunting for those looking to safeguard their customers from hacking and potential fraud. Each functionality of a smartwatch, for example, has the potential to be exploited and it is the job of the developer to, in a sense, predict crimes before they happen. Spotting the gaps in the tech’s security is difficult, though, and it is early adopters that run the risk of falling victim to a new type of crime.
TechCrunch use the example of a smartwatch being hacked, its motion sensing data being extracted and this data then being used to determine the user’s PIN number. A team from the Stevens Institute of Technology ‘combined wearable sensor data harvested from more than 5,000 key entry traces made by 20 adults with an algorithm they created to infer key entry sequences based on analyzing hand movements.’ The process is complex but the results are astounding, with the team able to establish a user’s PIN with 80% first-time accuracy, and more than 90% accuracy after three attempts. This technique could extend to typing done on a keyboard, the implications of which are great. Simple solutions like the user using their other hand to type their PIN would work, but the forgetful and the uninformed would still be targets.
A PricewaterhouseCoopers report found that 70% of connected IoT devices in use today lack fundamental security safeguards. Fresh concerns seem to surface weekly, from the hacking of driverless cars to many fitness bands possessing hopeless in-built security. The reason for this is that, by its very nature, the IoT has multiple points of vulnerability - the product, its communication channels, stored data inside the device, its data aggregation platform, embedded software and the data centers used to analyse the sensor data. Each key IoT developer will have security at the heart of their strategy for this reason, but plugging the gaps, one feels, will be something of a thankless task.
The smart home, with all its potential functionalities, is rife with opportunities for invasion of privacy or compromising data extraction. A connected door, for example, could be hacked and could monitor when a person enters or leaves their home or, worse still, be opened remotely. Child monitors and smart TVs could watch their user. A smart car could tell a hacker both how many members of a family have left their home and the exact distance away from the property they are. Articles around the topic tend to read with an air of the luddite, and simply listing the potential security concerns may seem reductive. In reality, though, there are simply so many potential exploitations that users are right to be concerned, and manufacturers have a responsibility to be.
Striking the balance between security and efficiency is a job for these manufacturers, but consumers should be aware of the risks and buy products with security in mind. Senior director of marketing at Arcsoft, Caroline Tien-Spalding, said: ‘Before you buy a connected device, do your research. How is your data protected and encrypted? Where is it stored? Does it include an option for a public stream?’ There are a number of methods consumers can use to safeguard themselves from attacks, and before turning your home into a vision of the future, it is well worth taking preventative measures to avoid any sensitive information being hacked. The IoT is an exciting development in both personal and public technology - as with any new technology, though, the dangers should be just as large a part of the conversation as the potential.