Risky Business: The Security Concerns of the Internet of Things

Uprise
Dec 8, 2015

The Connected Future: Part VIII

This is the eighth article in our #ConnectedFuture series, which aims to provide an understanding of the key aspects that comprise the Internet of Things (IoT) and how it can be applied to your daily life and business needs. Be sure to follow along all month as we share our insights to the hyper-connected future.

Safety First

IoT is new, exciting, and dare I say sexy. It has the power to bring some of our greatest technological aspirations to life like never before. It simplifies and creates a digital fabric where great connections will be built. It delivers increased convenience, improved automation, new connections, and dramatic efficiencies. But we’d be remiss if we failed to discuss the potential risks that come along with such great opportunity.

Many of the challenges that IoT raises will be predicted, but many — often unintended — will slip by, undetected. While many of us see the bright, shiny future of IoT as a futuristic utopia in which we’ll use technology to improve our lives, others take a slightly more skeptical view. And since we believe skepticism is good, let’s dive into a few of the potential pitfalls.

Road Rage 2.0

Cars are quickly becoming one of the most advanced mobile technologies in the burgeoning IoT ecosystem. As IoT has grown, connected cars have become an integral part of our transition to a hyper-connected reality. With that reality comes plenty of challenges, many of which have not successfully scaled to meet the security requirements that ultimately keep us safe.

In 2015, one terrifying example of the security challenges at hand came to life when two researchers managed to remotely take control of a Jeep. Through a series of hacks, the two hackers were able to take control of the radio, AC, wipers, transmission, steering, and even the brakes, all from the comfort of their couch via a Sprint cellular network connection. The hack could have easily been done over Wi-Fi, but that requires the hackers to be physically within Wi-Fi range of the vehicle. In order to gain access, the hackers merely required the car’s IP address, which only took a few lines of Python to obtain. Due to the always-enabled nature of cellular networks, once the two hackers had the IP address they were able to hack the vehicle from anywhere within Sprint’s cellular network.

Now, you’re probably thinking “these must be some incredibly talented, highly-skilled, yet rare, super-hackers.” Though they’re quite obviously talented, they’ve each made it explicitly clear how absurdly easy the hack actually was. The entire hack was made possible due to connectivity and our collective attempts to transform things — cars in this case — into digital objects.

While Chrysler quickly recalled 1.4 million Jeeps to reduce security risks presented by that particular model, it took nearly a full year to issue the recall. Sadly, Chrysler is not the only company facing these attacks; BMW, GM, and Tesla have all suffered similar attacks over the past two years. It’s safe to say, we’re not yet completely safe. Hacks like these highlight deep-rooted security and privacy concerns associated with IoT and ubiquitous connectivity. Software becomes a weapon with which hackers can do unimaginable damage, at mass scale, with minimal effort.

The vulnerabilities presented could affect any connected device, highlighting a large number of new risks and security concerns that need to be cautiously accounted for and addressed. Software, written by humans or machines, increases these devices’ potential for harm. So, how do we stay safe when everything we engage with is connected and consequently vulnerable to hacks? First, let’s look at the risks.

Risks

Security Risks

IoT not only creates new risks and opportunities for malicious attacks, but a wider reach for attackers. As materials become more available, hackers will have the same access as any consumer to the devices, allowing them to directly access, analyze, and create a plan of attack for each device. It’s almost too easy. Wireless technologies, while currently accessible via remote access points, are typically physically located away from hackers and, therefore, more secure and protected. Once IoT devices hit the market, it’ll be much harder to monitor them remotely. In fact, you can imagine the tables are now turned; hackers will have devices directly at their disposal and companies will be required to remotely manage and secure them as needed.

Not only is the range (breadth) more susceptible, but so is the depth. As those with malicious intentions gain access to insecure devices, their ability to reach deeper into an inter-connected network grows exponentially. The lines slowly blur as the networks grow and connect at all new levels. IT departments will face completely new challenges and be forced to address a wide swath of issues on a broad scale. IT departments and CIOs who have not kept up with security standards will fall behind at a rate that will be nearly impossible to make up. Those who consistently learn to adjust and adapt will build security, trust, and loyalty with users.

Privacy Concerns

Privacy is something that we feign interest in when someone asks us to read and accept a privacy policy for their product, quickly breezing past the important information in order to get access and fulfill our need for immediate gratification. Let’s be honest, at best we’re indifferent to current privacy policy waivers presented by digital gatekeepers. Many of these products in our world are already collecting large amounts of data and using it for their own purposes — it’s something we’ve become accustomed to in the digital world.

Like most aspects of IoT, privacy concerns become far more complicated with increased connectedness. The amount of data collected by our devices builds additional concerns about privacy and confidentiality of personal data. As brands go deeper into the IoT rabbit hole, they’ll be required to create compelling value with the data they collect and manage, as users will demand transparency to ensure validity. Data integrity will become a way in which brands live and die.

Not only is privacy a major concern, but ownership of data will change dramatically. Questions of who owns the data from your sensors, your devices, your location, and each and every connection point will quickly need to be addressed and accounted for. If you purchase a device to track your heart rate, who owns the data? Is that your data? Is it the manufacturer’s data? Does that data get shared with your physician? Once they have the data, what level of authorization does someone have? Each of these questions — and more — will need to be addressed on an individual basis as devices come online.

Practicing Safe IoT

So, now that we’ve presented a slightly scary version of the future, let’s talk about what can be done to mitigate our risks as we approach the future of IoT. First, this challenge has not gone undetected and is actively being addressed by many industry experts — from ISO to IEEE Standards — so rest easy, the wheels are already in motion. For the most part, IoT practitioners and groups are intentionally focused on addressing security issues and maximizing data encryption standards. While all of that is encouraging, there are some things that we, as businesses and contributors to the hyper-connected world, can do to help practice safe IoT.

Strength in Numbers

Despite the somewhat grim picture painted by all of these risks, our hyper-connected future is not hopeless. As we continue to become more and more connected, we must learn to balance risk and reward. Each new technology will usher in security risks and concerns, but this is the nature of anything that allows for deeper connection; we’ll always be subjected to risks in the world around us. One of the greatest tools at our disposal is our ability to connect; it’s the fundamental principle behind the connected world. Through connectivity, we hold the power to inform businesses of security risks and potential flaws in their software, actively contributing to our own collective safety. This will require a new level of transparency from brands, as they’ll be expected to be receptive to review in an attempt to protect all users from major risks.

Partners: Humans and Machines

Technical challenges and vulnerabilities like the ones mentioned with the Jeep hack (above) give us some basic insight into what happens when machines are left to control too much, without the ability to override or manually operate connected devices. IoT raises the stakes as millions of new devices create new intersection points between people and machines. Devices and software communicating across varying standards and protocols present a real-world risk of delivering a sub-par result. The maturation period is critical to the success of IoT.

The best practice for ensuring our online world is as safe as possible is to act as partners, bridging the online and offline world between humans and machines. As history has shown, technology adoption is not always uniform, creating ongoing challenges that must be addressed along the way. As usability and practicality begin to reach critical mass, the need for manual safety checks and the ability to operate safely offline still remains paramount. Humans help ensure this offline support is properly balanced with our online world, providing a safety net that mitigates major security risks and provides the opportunity to safely disconnect devices as needed.

Ultimately, IoT products will be expected to create advantages for businesses and consumers alike. Those that present any level of risk will quickly be discarded. As questions and concerns continue to arise, skilled experts will be ready to help ensure a safer, better future.

Written by Kevin Kirkpatrick (Partner & Co-Founder) and Ryan Peterson (Partner & Co-Founder) at Uprise.
