‘Digital asbestos’? Looking at the rise of IoT phobia
Internet of Things (IoT) technology attracts split opinions. On the one hand, it will provide the infrastructure for smart cities, ‘connected’ daily life and autonomous vehicles. On the other, it’s a data privacy and cybersecurity minefield.
One thing’s for sure, IoT technology is here to stay. There are seven billion IoT devices currently worldwide, and estimates for 2025 are as high as 40 billion. While some may excite at the long term prospects posed by that growth, others see it as a potential catastrophe waiting to happen.
“The ever-growing number of IoT devices, in combination with this lax security, is a perfect storm for cyberattacks,” noted Rob Scammell, a Technology Reporter at GlobalData.
It’s an opinion held by others, and it’s leading to some pretty extraordinary hyperbole on the matter.
Chief Research Officer of cybersecurity firm F-Secure, Mikko Hyppönen, compared the rising use of IoT devices to that of cancer-causing asbestos in the 1960s and 1970s: “This is not the first time technology has taken us in the wrong direction. So I think this is dangerous. It’s very dangerous for our privacy. It’s dangerous for our security.
“This is going to be the IT asbestos of the future. This is what our kids will hate us for,” he told GlobalData.
Based on the portend of former cases such as the Mirai botnet, other experts of the field regard the phenomenon as a form of ‘digital pollution’ which will give way to DDoS attacks against critical services, and spying and espionage— even drawing parallels with the technology to a plague.
A rise in IoT phobia
Any device or system with a code is vulnerable to hackers. However, well-developed cybersecurity features can lower the chances of a successful attack.
With an explosion of IoT in the market, security is often secondary to the product features, price, and performance; hence, developers are focused on designing IoT with impressive features but less robust security.
Lacking strong security systems means hackers can easily target vulnerable devices or apps and gain access to other more valuable information such as bank accounts and login credentials. In this light, promises of smart city technology, where public services and infrastructure are connected, can sound ominous.
In addition, the functions of IoT are to gather data and form a pattern on daily routines. Be it in a factory monitoring the temperature or how a product is being used, the data collected serves as ‘customer feedback’ to the research and development team.
In the wrong hands, data accessible by compromising these devices spells huge risks to privacy, both for individuals and businesses.
The inconvenient truth
Various sources have predicted a forthcoming “IoT doomsday”. In an article for Wired, Intellyx President Jason Bloomberg cited a combination of vendor dominance, commercial interests, digital fatigue, and privacy and security risks as combining to potentially “doom” IoT in the future.
Even so, he argued that problems stem from the “Internet of People” or in other words, the motives, shortcuts and foibles of those individuals deploying and using it, not the “extraordinarily powerful communication and commerce” technology itself.
Companies have historically been more inclined to invest in research and product development to win the innovation game at the risk of compromising security features. This shouldn’t deter users from enjoying the benefits and convenience IoT offers. Instead, the concerns raised should be a wakeup call for developers to step up in designing resilient security systems, if they are to win the ongoing support and uptake of users.
In this regard, common solutions comprise stricter regulations such as a unique identification number for every internet-connectivity device. Besides that, a consistent and secure update service to upgrade the ‘immune system’ of IoT, equipping it with the necessary defenses to withstand cyberattacks, and the ability to “re-image everything from the firmware up”.
Hyppönen’s statement that “the proliferation of ‘stupid’ internet-connected smart devices” will become the “IT asbestos of the future” may be somewhat extreme. But it reiterates the rapid, and potentially reckless, escalating integration of IoT in homes, offices and public areas as potentially ‘hazardous’ to society.
Hyperbole though it is, it does well to highlight the scale of potential threats the technology could welcome in and the significance of monitoring the growth of internet-connected smart devices as they proliferate around us.
It is unlikely that IoT devices will become equivalent to the indestructible and hazardous building material. However, let the analogy serve as a reminder for us to identify the root causes of such comparisons and seek solutions to counter them.
3 April 2020
2 April 2020