The Internet of Things; what a broad term. First coined by Kevin Ashton in 1999 to describe the ability for machines to generate, communicate, and operate on data generated by machines themselves rather than human beings.
Since the term was first adopted into the vocabulary of the tech industry, internet connected devices (or “things”) have just about poised themselves to invade every aspect of our lives. Already in 2016 we have devices like Nest and Hive allowing us to control aspects of our homes, whilst Tesla are developing cars that can have dangerous engineering issues fixed with a software update to every one of their customers’ vehicles at once, before ever having to recall a vehicle.
But to many, these applications of the Internet of Things are just the beginning – high-profile poster children, of you will, of what the Internet of Things is becoming.
However it is the more ubiquitous and much more connected Internet of Things that many are waiting for or aiming to provide. Inventors, entrepreneurs, and general hobbyists are attempting to provide all manner of additional functionality or level of emotional attachment to every-day things. Sprouts.io aim to use internet connectivity to turn growing home food produce into an efficient and “thoughtfully designed” experience. While companies such as Binatone move to take existing household devices and attempt to create the “Emotional Home” where existing devices gain extra emotional value due to connection to other devices and people.
However while Internet of Things products begin to fill figurative shop windows, the methods and ethics by which things should and are being connected to it are still not written in concrete. The Open Connectivity Foundation (OCF) seem to be the closest thing to a governing body of the Internet of Things to the same capacity that the W3C governs the World Wide Web, representing many major players in the tech industry including Intel, Cisco, Microsoft and Big Blue themselves IBM. As members, these companies agree to adhere to the standards and specification that the OCF define for the development of IoT devices.
However, missing from the impressive members list are two of the most major players in the tech industry; Google and Apple. These two behemoths of tech are instead choosing to work independently on their own specifications and platforms, Nest and HomeKIT respectively. In fact, dozens of other organisations are all separately trying to standardise the IoT, opposed to just a handful led by W3C for the World Wide Web.
Such disconnect and competition between regulatory bodies accompanied by the accessibility of IoT technology to independent inventors and startups could lead to a world filled with internet connected things in which no standardisation or regulation has been implemented. This scenario raises the possibility that devices pose a risk to end-users, for example through lack of sufficient security or even through malicious intent; after all if there is no regulation in place for what can be connected to what (and how) then what’s stopping somebody releasing a product that intentionally or not, passively or actively harms its user through the operation of the device itself, opposed to being in due to effects of outside influence.
Security holes have been a concern for IoT professionals since the 1990s. Millions, now potentially billions, of internet connected devices with outdated software can (and have) be farmed for use by botnets. More dangerously, connecting the internet (and thus potentially malicious people) to essential infrastructure means that a lack of effective cybersecurity now poses a real, physical threat to people’s safety. In 2014, Researchers were able to hack into Michigan’s traffic light system thanks to “unencrypted wireless connections, the use of default usernames and passwords that could be found online, and a debugging port that is easy to attack”.
Update 23/10/2016 – The lack of proper security among IoT devices has once again made headlines with the Mirai botnet, which knocked a large number of extremely popular websites offline after gaining control of millions of Chinese-made and using them to attack their DNS servers.
In fact, Anand Mani Sakar gives an excellent list in a post from 2014 of instances where security flaws in internet-connected devices have been proven potentially catastrophic at every scale; from hackers proving their ability to take control of every device in a “smart home” as part of a journalistic piece for the BBC to the Stuxnet computer worm attack that put an Iranian Uranium enrichment plant at threat in 2014.
So security is without a doubt a major challenge facing the future of the IoT and the safety and experience of its users. However what about the devices themselves?
My future posts under this topic of the connected every day will look more at the question about whether the danger of Internet of Things devices might manifest themselves even further, to the point that it is the innate design of the IoT device that has potential to cause harm, and how a project I am working on aims to explore this question.