The Internet of Things—IoT—is a formal term referring to distinctly identifiable objects (cars, kitchen appliances, smartphones) and their cyber-representations on the Internet.
By 2020, it’s projected by at least one expert that there will be over 30 billion “things” represented virtually. All of this gives rise to increased security risk that seems almost paranormal.
The virtual world seems to be closing in on the physical world. Gee, sensors that track food purchases, for instance, can reveal if someone’s on a diet or is of a particular religion.
The IoT is expected to evolve in the following ways:
Making dumb objects smart. Imagine house keys that don’t need to be taken out of one’s purse or pocket to open a door, or a gadget that you can scan dairy products in your refrigerator for expiration dates, and the sensor will then remind you of these dates.
Go one step further: A mouse that can click links—not controlled by hand movements, but by thought. Well, that may be a century off, but you get the idea.
“Things” that make changes by sensing changes in the environment. Imagine a garage door that opens because a sensor in it “knows” that the homeowner is approaching from 100 feet away.
These “things” will react according to data received about what those things are virtually connected to. But if this technology is centralized, imagine what a hacker can do: The whole town’s garage doors won’t open. A national centralization will even be worse.
Devices with independent autonomy. This sounds fantastic: Technology won’t require an intermediary device (like a smartphone) to take action when it “senses” a change in the environment.
Imagine a “thing” sensing a change in your body (via sensory technology and apps) and then responding by dispensing medication. But this also sounds frightening: Imagine what a malicious hacker can do with this technology.
- Ownership of data. Passing the buck for security responsibility is a major issue. Who’s responsible if a device gets hacked? The maker of the device? The owner? The hacker? Who should have secured it? This type of responsibility needs to be defined.
- Transfer of information. Vulnerabilities exist when data is enroute. Data may sit stored in a local data collation hub where it awaits uploading, but meantime can be stolen.
- Sensitivity of data. Varying tiers of security are needed to correspond to varying kinds of data being transferred. For example, a data stream about the amount of humidity in a greenhouse doesn’t need security, while medical record information definitely does.
- Death by hacker. With increasing advances in the realm of IoT, hacking can become a life-and-death matter, not just the nuisance of some baby monitor getting hacked and the hacker spewing out lewd comments for mommy to hear. For instance, it’s only a matter of time before a doctor, hundreds of miles away, remotely controls a patient’s implanted heart arrhythmia controller. What if a hacker gains access and demands ransom or else?
- IT infrastructure. Cloud security concerns will only deepen as the IoT proliferates. Data access, ID and authentication, legislative boundary constraints and other issues must be considered. And should data be stored publically or privately, is another big question to answer.
- Unprotected wireless. Making sure any wireless connections are protected by a VPN is essential. Hotspot Shield VPN is a great option and it’s free.
At this point, nobody really knows how all of this will pan out. Regulation and legislation will be very challenging. The IoT may very well leave legislation for data protection in the dust.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.
Follow Robert Siciliano on Twitter: www.twitter.com/RobertSiciliano