Striking a balance between the risks and benefits of the Internet-of-Things — Tan Teck Boon

JUNE 9 — Are you worried about your online data privacy? If the answer is “yes”, then you need to be concerned about the Internet-of-Things or IoT — a catch-all phrase for the global network of Internet-enabled sensors, devices and systems which collect and share your personal data.

The billions of IoT products out there right now are wildly diverse and growing fast. They include fitness trackers, medical devices, household appliances, mobile gadgets and even automobiles.

Already, there are more IoT products than there are people and many more will come online soon.

Proponents say that once we are fully immersed in IoT, the technology will engender myriad benefits.

Besides being energy-saving, IoT products also enhance our situational awareness and quality of life through automation, they claim.

For example, when a sleep tracker is connected to a smart air-conditioner and coffee maker, the wearer not only wakes up to a freshly-brewed cup of coffee, but also feeling totally refreshed because the temperature is synced to his sleeping pattern.

So not only does the wearer of the sleep tracker know the quality of his sleep, he is also doing his part for the environment by letting the smart air-conditioner adjust the temperature accordingly throughout the night.

As appealing as this techno-utopian vision may be, it is unfortunately clouded by serious cybersecurity concerns.

The biggest fear right now is that IoT products will open up new points of attack for hackers to exploit.

Indeed, many IoT products do not come with built-in firewalls, encryption/authentication and antivirus capabilities.

We install security protection into our smartphones, PCs and tablets; but doing so with the smart toothbrush or kettle will be problematic due to their limited computing power.

According to estimates from Hewlett Packard, 70 per cent of IoT products currently in use are vulnerable.

In a sign of things to come, penetration tests designed to uncover security vulnerabilities in IoT products have shown that it is possible to breach home Wi-Fi networks via IoT appliances.

So hackers could, in theory, exploit weaknesses in everyday IoT products and work their way into corporate or government networks as employees take their infected gadgets to work.

In 2013, hackers breached the database of Target and stole the credit card numbers of 40 million customers apparently by hacking the American retail giant’s Internet-enabled heating and air-conditioning system.

In the worst case, hackers could take over or shut down major infrastructure networks throwing critical sectors like banking, transportation and telecommunications into chaos. The consequences would be catastrophic.

Or they might attempt to retrieve sensitive information stored in these networks.

IoT products collect a vast amount of personal data. Not just plain information like names, birth dates and contact details but revealing information like energy consumption patterns, geo-location data and lifestyle habits.

To the untrained eye, this kind of information means nothing but in the hands of sophisticated criminals, it can be used to make scams more elaborate and convincing.

The reality is that IoT is a “double-edged sword”.

Indeed, having an IoT security camera that lets you see what is happening in your house via your smartphone might make a lot of sense when you are away, but it also means that cybercriminals could watch you in your own home if the system had been compromised.

Common sense tells us that we should not share anything online that we do not want others to know about.

But with the advent of IoT, the datafication of our most intimate personal information is unavoidable; more importantly, we will not have a choice about it.

So if you are concerned about your online data privacy, then you should definitely be worried about IoT.

Do we have a choice?

Shunning IoT products completely would be unrealistic since they do bring myriad benefits. Furthermore, as existing electronic products get phased out, users have no choice but to replace them with IoT ones.

Try buying a rear-projection TV today or apply for a job without a smartphone and you will see the impracticality of snubbing the latest technology. If turning our backs on IoT products is not feasible, then what we need is prepare for its inevitable arrival.

For major organisations, this would mean integrating IoT products in a step-by-step fashion — taking the time to evaluate technology with greater care.

The government can certainly help by assessing every IoT product for potential risks.

If an IoT product is deemed too much of a cybersecurity risk then it should definitely not be integrated into the broader network.

The government also needs to set industry standards to ensure that IoT product manufacturers do not cut corners on their goods since building in added security features will eat into their bottom line.

Apart from enhancing security in the cyber domain, the government can also put in place tougher data protection measures to limit abuses of personal information collected by IoT products.

Lastly, consumers play a crucial role too; besides ensuring that their IoT products are secure, they must also be responsible enough to avoid those that are not.

Ultimately, we must recognise that there is no software-based product out there right now that is “hacker-proof”. So some loss of online data privacy is to be expected as we enter the IoT age.

The key then is finding that balance between risks and rewards — that sweet spot which allows us to enjoy the upside while keeping the pitfalls to a level that is tolerable. — TODAY

* This is the personal opinion of the writer and does not necessarily represent the views of Malay Mail Online.

Related Articles