The Internet is expanding rapidly as we add new devices to the system and integrate new Internet of Things (IoT) devices that offer to help us to complete a myriad of chores and make our lives easier.
Experts say that more than 328 million new devices are added to the Internet every year — in simpler numbers, about 125 new devices every second! Further, the rate is increasing as everyone on the planet becomes more and more connected. These devices include smart devices for our homes, businesses and industry, wearable fitness devices, self-adjusting thermostats, remote door locks, washing machines, dryers, stereo systems, smart speaker and security cameras. Very soon nearly every vehicle will also be connected to the Internet.
More importantly, the Internet will soon become a major centre for services. The IoT has incredible potential to transform our lives by empowering the individual citizen while helping make government transparent. In the very near future, the IoT will transition into an Internet of Service for most us, as our “things” recede into the background and form an integrated service platform for us.
Rather than needing to access each sensor, or group of sensors individually, an integrated “system of systems” will provide an architecture enabling us to control our world of services remotely from our smart phones, tablets or other devices. Our “service
manager,” be it ourselves, or an application service provider, will bundle or link our IoT devices and arrange for automated responses to our queries to provide these services.
One emerging service manager application is: “If This, Then That,” or IFTTT. This software platform connects apps, devices and services from different developers, then automates a response “triggering” one or more automations involving those apps, devices and services. New and improved apps such as this one, will lead us into the applications as a service (AaaS) age, enabling us to
move from controlling each of our applications and devices separately into a complete application service management arena.
As we emerge into this perfect, service world, what could possibly go wrong? Plenty! There are three key challenge areas we need to consider before we can go deeper into making the IoT an integrated platform for application services. These areas will affect all of us as we go forward—privacy, security and stability.
Privacy is a growing concern, as more and more elements of our information become available, and could potentially be compromised, leading to release of far more personal data than either authorised or expected. Internet privacy, or online privacy, is a very broad term that refers to availability and access of personal data through specific approval and release, or inadvertent release of essential elements of information have found their way into unapproved use or public access.
We are all familiar with the legal notices that popup when we download applications telling us about how the company will use our information for release to third-parties. Yet, nearly no one reads or understands the policy. As we connect the applets, which are very small applications performing a single task, into a mesh of interconnected applets to complete automated tasks, we open a variety of opportunities for developers and users to create new services never expected.
That’s the up side. The down side — those same applets may spread vulnerabilities for exploitation of our information or provide opportunities for security attacks into our connected applications.
Cybersecurity then, will become a major concern for all of us, as new devices are added, and older, less reliable ones continue in
service. Cyber-attacks are more than just hacking of software systems. They also include attacks against the devices themselves,
where attackers are able to take control of the unit, collect a variety of information from them, as well as operate them in potentially
dangerous and definitely insecure ways.
Can we build security into our devices? Perhaps in future, but we are a long way from there now. Some experts say that as many as 87% of all Android operating systems over two years old are currently in use with known security vulnerabilities which have not been updated or patched.
In many cases, the units and their software are no longer updated, as newer models come into the market, and the demand for older devices diminishes. Nonetheless, these smart phones are often maintained in service well past their expected lifetimes, offering opportunities not just for open attack, but providing a vector for introduction of other malicious code throughout our devices and other systems.
Platform stability may be the most vulnerable area. Stability of the software and computing hardware, or platforms is becoming a major area of concern. A platform can best be described as a hardware or software architecture or application frameworks allowing our software to run efficiently.
There are a wide variety of platforms in existence today to facilitate the wide variety of tasks required in the IoT. Platform fragmentation is a term used to explain the variety of IoT devices which cannot be easily connected or interfaced due to the unique hardware and software running on them. This complicates development of interconnected applications.
Most of these IoT devices are extremely limited in memory and computational capacity. As such, they may also use specialised operating systems with reduced capacity for new software updates in the field. Since updates are restricted or cannot be done due to excessive memory requirements and extra processing resources, these devices do not support traditional security mechanisms. As a result, security “patches” are usually left undone, providing ample opportunity for introduction of malware into these devices and across the entire IoT.
Security for these services can only be done through better design with security built in.
Only after users begin paying more attention to their information privacy and security by not purchasing or using applications without security built in, will developers begin paying the needed attention to privacy and security of the user by designing integrated security as a fundamental element.
(Iyengar is Director and Ryder Professor, and Miller is Adjunct Faculty, School of Computing and Information Sciences, Florida International University, Miami, USA)