January 26, 2017

Why the Internet of Things is the new normal

Davitt PotterDavitt J. Potter
Director, Global Engineering and Technical Services
Arrow ECS Security

 

“They’re here…”

Davitt Poltergeist reference

Image from Poltergeist (1982) IMDb page: “They’re heeeere!”

Remember this movie (the 1982 original, not the 2015 remake)? I do. And I still remember the chills that ran down my spine the first time I saw that scene with the little girl and the TV.

And when it comes to IoT, honestly, I get the same chills. What are all these things? What do they want? What are they collecting? Who’s in control of them? What is IoT, anyway? How does IoT impact our daily lives? Do you even really have to worry about it? Well, let’s take a look at a day in the life, and then you can decide…

That’s Really Cool/Creepy

As an engineer by training and a privacy advocate by choice, there are two distinct “parts” of my brain: One part says, “that’s really cool” from a pure technical/engineering standpoint; the other says, “that’s really creepy; what are they doing with all that data?”

From Jeans, to Wal-Mart, to Skiing

Apple Watch? IoT. Fitbit? IoT. If you travel through the Austin airport (or any major US airport, really), the security gates will update the time while you’re standing there in real-time based on tracking the phones that move through security. Levi’s stores also track your phone and can welcome you back to your favorite store, if you choose. Every pair of Levi’s has an RFID chip in the price tag, allowing the stores to track what items are the most moved, most sold and most looked at. Wal-Mart tags every pallet, package and truck with RFID, allowing real-time tracking of inventory. Even herding cows has been made easier with IoT.

Intel is now working with manufacturers to develop “smart clothes” – clothes that monitor your heart rate, temperature and other variables you’re interested in. Tile devices can be put on your keys, your suitcase, your car or even your kids to allow real-time tracking. The baby monitor has entered a whole new area again – far from just listening, you can monitor your baby’s temperature, breathing rate, etc. – all from your phone or tablet. And, of course, GPS that allows you to monitor whether the nanny actually took your kids to the park today!

EpicMix pass

Many ski passes are now equipped with RFID technology that enables users to track their vertical feet, runs they’ve skied and more. (Image from epicmix.com.)

I’m a skier. My electronic pass tracks me around all the ski resorts to tell me my total vertical feet for the day and runs I’ve completed, and it also allows me to compete with my friends. What happens to that data? How is it being correlated with other data? Does it get linked to my Visa and the buying patterns and habits I have? (The answer is yes, in case you’re wondering.) When you buy your coffee via your smartphone, you can be assured that your information is heavily analyzed and correlated, and marketing campaigns are created for it.

If you didn’t really think about these things as IoT, you’re not alone. Many of these devices have very subtly insinuated themselves into our daily lives. In fact, we’re moving away from the Internet of Things and toward the Internet of Everything.

The Internet of Automobiles

If you have seen the ads for the Automatic device from a large car insurance company, that’s also IoT. This is a device that plugs into the OBD-II port on your car, reads the diagnostics and information from your car, and then sends it via Wi-Fi or cellular connection to the insurance company for analysis. What are they collecting? Well, I don’t know the ins-and-outs of the Automatic device, but they tout it as “helping you save money by driving safely.” I do know what OBD-II captures, however – I’m a weekend mechanic and work on all of my own vehicles. My 2005 Yukon’s computer can keep me up-to-date on my car’s vital information:

  • Air/fuel mixture
  • Air inlet temperature
  • O2 sensor status
  • Miles/hours on vehicle
  • Coolant temp
  • Oil temp/pressure
  • Fuel flow rate (gallons/minute or gallons/hour)
  • 0-60 time
  • lateral G/linear G
  • Trouble codes (ECU codes)

…and much, much more. Some of these things are very useful from a diagnostics standpoint; some are useful for an insurance company to make determinations about you and your risk assessment. Combine your acceleration and braking habits with GPS information, route driven and miles/year, and you can quickly develop a VERY accurate profile of a driver. Whether that’s good or bad is outside the scope of this article, but it’s worth remembering. (Cool? Sure. Creepy? Maybe.)

New cars can be “geo-fenced”: If you don’t want your car going to Chicago, you can disable it when it leaves Denver. Or have it send an alert. Did you crash? Alert the paramedics. Law enforcement can actually remotely disable vehicles with OnStar.

Audi and the city of Las Vegas have partnered to provide real-time data of how long your Audi will sit at a red light in the name of optimizing traffic. Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) have also been areas of heavy research to help monitor and model traffic flows in cities and to provide updates on accidents, road conditions, public safety and, of course, insurance data.

While you drive on your commute, your navigation will be ever-smarter thanks to the updates your car gives and receives from those around it, and the data it receives from the road signs and sensors on the way to your office. Did a car ahead of you spin a wheel on the ice? Its ABS sensor will notify the network for potential ice. Did you forget where you parked? It will remind you when you’re off work for the day.

Smart Homes and Offices

Google Home Amazon Echo

The Amazon Alexa and Google Home. (Image from ITPro.co.uk.)

More and more invisible devices are around you in stores, office buildings and even your own home. The Nest devices, Google Home, WeMo smart switches, Amazon’s Alexa, Philips HUE… all of these things are becoming increasingly ubiquitous. New office buildings have internet-connected HVAC motion sensors that can automatically turn up and down the heat as needed, call security or provide analytics on who uses which doors more often in the mornings. These devices collect data, and send it to the cloud where it’s parsed, analyzed and sorted… and then, in many cases, sold to advertisers.

Did you forget to shut the garage door when you left this morning? All good – your house can alert you and automatically close it if you leave your defined GPS “zone.” Coming home and just want to watch TV? Stop off for a take-and-bake pizza, and you can notify the oven to turn on. It will be nice and hot when you get home. Yes, much of this technology exists now, but it will continue to become easier and easier to use, and harder to separate from daily life. How much of this makes it seem like The Jetsons have arrived? (Note: I still want my flying car!)

The fact is, you’re surrounded by the Internet of Things – and it’s only going become more woven into the fabric of your life.

Who’s Watching the Watchers?

So, as usual, there’s a dark side, or a side that isn’t all shiny and excited about the future. This is where my privacy advocate kicks in. What is happening with this data? Where is it? Who’s securing it? Is it even secure? What can I do about it?

The reality is: not much. Many manufacturers give lip service to security, relying on traditional security methods such as home Wi-Fi encryption and home firewalls. The complexity of home networks is now beginning to approach businesses. In my own home, I have a firewall, two access points and upwards of 50 plus IP-enabled devices – and about 10 of them are traditional PCs, phones or tablets. Where does all that data go, exactly? Manufacturers have their analytics, updates and licensing requirements. Devices can talk to their apps and each other. Alexa is always listening, as are Google and Siri.

The proven poor track record of information security hasn’t been any better in the IoT space. What will be an inflection point is when a high-profile target is compromised – a celebrity, a politician – and then the weight of the legal system is brought to bear on the manufacturer/software developer. Security standards need to be created for IoT – and Arrow ECS and ArrowSI are working in that space.

ArrowConnect

ArrowConnect allows for IoT developers, manufacturers, software suppliers and middleware to have a secure platform to further leverage IoT. As we move forward into new devices and new markets, security remains a critical piece in ensuring data integrity and privacy, as this information is far more personal and relevant to people. From an infrastructure standpoint, IoT security is paramount, as we increasingly rely on automation and software to control water, power, sewage and traffic in our large cities. As those cities develop, the technology naturally moves “downmarket” into mid- and small-sized cities. Securing these devices and their networks is critical, and requires careful planning, forethought and a willingness to actually STOP business—or at least pause it—to fully understand the ramifications of connecting all these devices.

Let Arrow help you craft a strong security plan around your IoT strategy before the Poltergeist reaches through and makes mess of things. Contact our security expert, Davitt Potter, for more information.