In an increasingly digital world, products and devices are evermore interconnected. Doorbells, watches, light bulbs, thermostats, TVs, speakers, appliances, security systems, and vehicles– objects that once performed a simple task are now embedded with transmitters and receivers, and “talk” to each other over the Internet.
This is the Internet of Things (IoT): physical devices with sensors, software, and other technologies, that collect and exchange data with other devices and systems over the Internet. In a smart home, for example, a user with a wearable device, such as a smartwatch, can control their home from their wrist. At the touch of a button, they can automatically connect to other smart devices around the home.
The IoT aims to make our lives easier, our environments smarter, more measurable, and talkative, but it comes with a risk. While many of these innovations have made our lives more convenient, they could have major implications on public safety. Notably, the rapid evolution of the IoT is outpacing the mechanisms available to protect devices and its users.
For instance, the Nissan LEAF -- an all-electric vehicle with remote capabilities -- can be controlled from features within a mobile app. However, a few years ago security researchers uncovered that information about an individual vehicle and its owner can be anonymously accessed through the app. This included the battery status of the vehicle, as well as the Vehicle Identification Number (VIN) and the owner’s ID on the app. It was also brought to light that access to the VIN enabled people to connect to other vehicles and control them.
The ability to connect practically any physical object with an on/off switch into part of the IoT raises security and privacy concerns. With billions of existing IoT devices, the new entry-points for cyber attacks have grown significantly.
One of the risks posed in connected devices is poor password management or poorly secured transmissions. Strong passwords create friction for users and balancing security with press-and-go ease of use is a challenge manufacturers are still grappling with. Devices are more susceptible to security breaches due to minimal human involvement- many devices are activated without lifting a finger or by the click of a remote.
There are also the risks to personal privacy and data. Google’s smart city project in Toronto which sought to build a digital city “from the internet up”, triggered concerns over management of personal data. Canada’s Privacy Commissioner stated in a letter to Waterfront Toronto that Sidewalk Lab’s data governance proposals have a lack of independent public oversight and an unclear role for the City of Toronto in maintaining public safety.
Although IoT devices, products and services help reduce manual tasks and can save time, it often comes at the expense of personal privacy.
Technological advancements have made our lives easier, faster, and better. However, sensors that are always on and interacting in the user’s environments can be a big security challenge. As these technologies become more pervasive, and continue to shape our world, continued vigilance in protecting safety and privacy is critical.
Engineering Life is an occasional series that explores the human side of engineering through stories and insights in the lives of engineers. This series is supported by affinity program partner TD Insurance, a trusted partner dedicated to helping engineers and geoscientists get access to preferred insurance rates on car, home, condo and tenant coverage.
For more information or to get a quote visit www.tdinsurance.com/engineerscanada or call 1-866-293-9730.