Locking down the Internet of Things

Much has been made of the economic benefits of the Internet of Things, but at what cost to our security and privacy?

Imagine a world where the electrical items in your home were constantly collecting data about your living habits and feeding it back to some faceless third party.

While this might sound like something lifted straight from the pages of a dodgy paperback sci-fi novel, it is a scenario that is expected to be played out in millions of homes across the world over the coming years.

The Internet of Things (IoT), as the concept has been dubbed, has been a major source of industry discussion for some time now, with many talking up the economic benefits it could bring.

There is a real possibility that an individual's habits, location, interests and other personal information may be easily tracked.

Advertisement - Article continues below
Advertisement - Article continues below

For example, networking giant Cisco recently claimed IoT will open up trillions of dollars of new market opportunities over the next decade. 

But, while analysts and vendors talk up the massive sums of money to be made from IoT, the European Commission has flagged some serious concerns about life in the connected world.

In a recent IoT factsheet, published on the back of a public consultation carried out by the commission last year, the organisation said everyone should be concerned by the prospect of an "omnipresent" network of connected devices.

"[The] cross-linking of objects offers new possibilities to influence and to exchange [and] this leads to a variety of new potential risks concerning information security and both privacy and data protection," the document states.

From a privacy point of view, the collection of information by a multitude of connected devices could make it easier for people to be identified unless steps are taken to ensure the data is completely anonymised.

It is a point Kevin Curran, a cyber security academic and senior member of trade association IEEE, thinks needs to be urgently addressed.

Advertisement - Article continues below

"There is a real possibility that an individual's habits, location, interests and other personal information may be easily tracked," he says.

"[Because] there is sophisticated data mining software in use which can reveal uncannily accurate information [based] on previously anonymous' data."

This information could be repurposed by identity thieves, seized by others for blackmail purposes, or simply sold on as marketing data, he adds.

Either way, Curran says there needs to be a public debate on the social and privacy implications of IoT in order to establish clear rules on how data can be used.

Advertisement - Article continues below

"There is still no agreed protocol for access to public data when it comes to law enforcement agencies or other intelligence agencies, and there is a debate waiting to happen here," he explains.

Miles Hodkinson, chief technology officer at wireless components firm Ciseco, backs this point, describing the privacy and security implications of IoT as a taboo subject within the IT industry. 

Advertisement - Article continues below

"It's the elephant in the room no-one wants to mention because when you look at the $14.4 trillion figure Cisco has flagged, for example, these figures are eye-watering and it's a great story for shareholders," he says.

"But people seem to be forgetting about the user's role in all this...[and treating them like] this thing that generates data and revenue for them, while everyone else consumes it."

Most IoT discussions seem to focus on how the data generated by connected devices will improve user experiences or make it easier for marketing firms to target products at consumers, but Hodkinson fears the information could fall into the wrong hands.

"If the power consumption of your fridge can be monitored, which is something we have the power to do today, it's not difficult to establish what time you go out to work. All I need to do [then] is have a word with someone and say 'this is about the time I think you should go and burgle that house,'" he says.

Furthermore, the 'trivial' information a fridge can feedback could be tracked over time and lead to assumptions being made about people's living habits, which in turn could affect other areas of their lives.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020