Tried, Tested and Proven

We have all heard a great deal, for some time now, about the Internet of Things (IoT) revolution. To my simple mind IoT means machines talking to one another.

I Googled it and apparently the phrase was first coined by a Brit called Kevin Ashton in 1999. He is a tech entrepreneur who designs remote sensors and came up with the term to distinguish between data which is created by humans and then entered into computers, as opposed to computers collecting and swapping data without any need for our involvement. In the intervening years, IoT has rapidly taken shape with gadgets from phones to fridges and integrated itself into our daily lives.

There are now an estimated 14 billion connected devices around the world and this number is expected to reach 50 billion by 2020. Eric Schmidt, the CEO of Google, predicts that soon the distinction between what is online and what is offline will blur so much that we won’t recognise the difference any more.

The key technology behind IoT lies in the form of small, cheap, high-tech labels called Radio Frequency Identity (RFID) tags that broadcast data over the Internet. Interestingly, they were first introduced to track cattle and have since been applied in thousands of ways, from road sensors that collect real-time traffic data, to pills that tell you when they have been taken. As different areas of activity all link up, this promises to create a new era of automation which will save labour . Rob Van Kranenburg is the founder of The IoT Council and he believes that we are entering the next industrial revolution and encourages us to “just think of it as an invisible layer of data over everything”.

The benefits could be legion. Imagine a device that prevents sudden infant death syndrome by providing parents with real-time information about their child’s breathing and body position via an app on their smartphone. That alone sounds wonderful! Think of doctors monitoring patients with irregular heart beats and Parkinson’s disease. Recently the electric car company Tessla “recalled” 30,000 cars remotely by updating their on-board software over the web. Supermarket checkouts could become a thing of the past as we are charged electronically, direct to our bank accounts for what we take out of the store as we push our trollies through the exit doors. Shoplifters would have to run faster for a start!

However; a device connected to the Internet is vulnerable to snoopers and hackers. Connectivity is not always good. The more we connect, the more electronic eavesdroppers can listen in. For example, an Apple watch could tell hackers who you are, including your address and credit card details, where you are and how you tend to spend your time. The same is true of many connected devices which relay your personal data back to the manufacturers who are allowed by law to sell that information on to third parties. As I read recently , “it’s like the TV in your living room, you watch it but it doesn’t watch you. Well all that is changing!”

According to a recent report by Hewlett Packard’s security research team, 70% of IoT devices have serious security flaws. There have been a number of examples where this point has been proven. A “smart doll” was hacked and programmed to spout expletives or recite passages from 50 Shades of Grey. Scott Erven, a security expert in the US, hacked into surgical robots, morphine drips and defibrillators using phishing techniques or cracking hospital passwords like “1234”. The hackers working for Wired magazine, who recently took over the on-board computer of a Cherokee jeep and cut the transmission whilst it was travelling at 70mph, which rather proved their point.

As always, the regulators are more than a few steps behind the advancing technology. IoT is arriving far too quickly for good governance to keep pace. Soon the Internet of Things may become the Internet of Hacked Things! Ofcom is about to release more of the radio spectrum for devices to communicate over but will have its work cut out when considering the security and privacy issues involved. In America, the National Security Telecommunications Advisory Committee has warned that there is “a rapidly closing window of opportunity to protect smart devices including critical national infrastructure from serious security threats ”. Our own National Grid recently abandoned plans to use drones to repair electricity pylons because there was the potential for them to be hacked.

According to the consultants McKinsey and Co, the market for smart devices could be worth more than £15 trillion by 2025, which means that the business momentum to embrace this technology will fuel its rapid advance regardless of these potential consequences. However, one weak link is all it takes to compromise the security of any one of us. A toaster without a decent password could give hackers access to your entire digital life. Giving them the power, not just to burn your toast, but to access your bank account and denude it of funds.

Portcullis offers advice to manufacturers and others about securing the Internet enabled aspects of their products, so that their customers have confidence in using them safely. Portcullis partly developed its security testing division through clients wanting us to test kit for them before they employed it on their networks. IoT will see us testing enabled devices of all types to make them less hackable. Ultimately, users will also have to realise that they will have to employ strong usernames and passwords on everyday items at home, just as they have to at work, if they are to avoid entering the “Game of Threats”.

Clive Room