Latest ITAM News

Embracing the Internet of Things

The Internet of Things (IoT) is described as the network of physical objects; portable and stationary devices, clothing, environmental sensors, traffic sensors, consumer goods, vehicles, buildings, humans and animals; the list of possibilities is equal to almost everything on earth. There are already millions of items with electronic sensors that are connected to the internet. In November 2015, Gartner estimated 6.4 billion connected things will be in use in 2016, a 30% increase from 2015. Using software, sensors, and network connectivity enables the collection and exchange of data with these objects. The goal of IoT is to have mobile, virtual and instantaneous communication to create a “smart” environment. This ambitious goal is already underway, with “every major global government and every major economic block” investing heavily in the IoT. This will change life as we know it.

Depending on the source of the information, research indicates that the Internet of Things (IoT) actually started in the mid-1990s when a young brand manager in the U.K. named Kevin Ashton became aware that a product he was in charge of, a certain shade of brown lipstick, kept disappearing from store shelves; the existing inventory system was incapable of maintaining that product in stock. Since this fell within the realm of his work existence, Ashton set out to find answers to his inventory dilemma. Bar-coding was the first logical inventory control step, but that did not supply the location information that Ashton was looking for. He later became aware of a “radio-enabled” chip (later called RFID) that allowed bits of data to be transferred wirelessly, without a reader.

Ashton surmised that if RFID devices were attached to products such as the lipstick packaging, the transmitted information could communicate to the store’s inventory system what products were actually on the shelves at any given time. It was this kind of innovative thinking that started the Internet of Things. And rather than one giant leap due to a major discovery, the IoT it is really a combination of small steps leading to filling many needs.

It’s an interesting fact that the name “Internet of Things” was not used until 1999, especially since the development of this process dates back to the early 1980s when a Coke machine at Carnegie Mellon University was connected over the internet to programmers several floors above the machine. Simply put, the programmers used the internet to determine if there were drinks available in the machine before physically walking several flights of stairs to the machine for sodas. This seems to be the first recorded instance of an internet appliance.

Around the same time, computers had become embedded in our work and personal lives. The rate of technological growth has since continued at a rampant pace. In a projection of growth published in 2012, the Emerging Future, LLC estimated that technological advancement would be 32 times more advanced in just five years and a thousand times more advanced in ten years.

Many are suggesting that the IoT is the next major wave of technologic growth and that the IoT will be involved in meeting business and personal needs with a staggering impact based on an equally staggering amount of data. With the IoT still in an early stage, ideas are tested daily on how to use the capabilities. Sensors that communicate information such as movement, temperature, activity, moisture, light, salinity content, Co2 and toxicity levels, proximity, personal data, and health information are already in use. With the breadth of possibilities, examining the current applications of IoT is probably the best way to illustrate the change that the IoT represents.

Applications for a connected/smart home are already available with the ability to communicate and receive data. The interactions made possible include signaling your home when you are within a certain distance to turn on lights, adjusting the heat to your optimum temperature, brewing coffee, and opening the garage door when your car enters the driveway. In a specific example, Amazon is partnering with General Electric and other smart device manufacturers to enhance the existing Dash Replenishment service. What first started as one-button ordering is now automated through the use of sensors built into (for instance) washing machines and pet feeders. The sensors constantly measure how much product is used and when a certain level of use is reached, products are ordered and shipped automatically. It seems that the automated smart activities will eventually be limited only by your imagination, and of course, your budget.

There are applications for delivering services at a community level. Some areas have installed sensors that gather real time data about the level of contents in a city waste receptacle. The data is transmitted to the waste management company to be used to schedule emptying of the receptacle. This process allows the trash pick-up crew to bypass receptacles that do not need service, thus saving fuel and personnel hours.

Another smart city device is a wireless outdoor lighting control device that senses the lack of traffic and pedestrians and then automatically reduces (or increases) the light intensity. This smart function reduces energy costs.

What about overly-crowded city parking? Imagine huge multi-level parking structures that guide drivers directly to empty parking spots via LED indicators, eliminating wasted time and gas driving around looking for an empty spot to park. A smart garage can even indicate whether to enter based on the presence of a known empty spot. The familiar IoT application of an automated payment system for toll roads can be easily included in this garage scenario by means of a transponder in each vehicle.

There are applications that combine public data such as current and projected weather conditions, with specific private data to create a smart product that disperses optimal amounts of water only at times and in areas that are calculated to be most in need. This is accomplished by means of sensors (built into devices such as Droplet) that measures moisture in the soil. The data is combined with weather data so watering never happens just before it rains. Savings of up to 90% on water bills have been reported.

Farmers across the globe use water control systems with IoT components such as the CropX sensor, WaterBee , CommonSensor, among many other such devices. IoT facilitates the combination of genetic information about crops with data about the soil that the crop is planted in. The process can include tapping into public weather data sources to facilitate calculations that determine how closely, deeply, and frequently to plant seeds, use water; how much and when, and when to spray pesticides on a given area of farmland.

Smarter, more efficient healthcare is a possibility on the horizon. Instead of just wearing a bracelet that contains information about you (which is certainly helpful), the smart-future presents the option of wearable devices that have a complete health history and are able to detect and identify many known health problems. When a health problem occurs, the device initiates contact with first responders or family members with specific health data, current patient data, and a GPS location. Vitals could be continuously transmitted, and the possibility exists for an IoT device to be able to administer life-saving drugs.

Some hospitals already use “smart beds” that monitor patient’s movements to guard against a patient getting out of bed when that represents a danger to them. These beds are also designed to minimize the need for manual help from nurses and other health care workers by sending a constant flow of data to a central receiving station and automatically adjusting the bed’s physical configuration to the needs of the patient. Each bed senses the patient, determining when and where to adjust pressure points and support areas.

All of the ideas and innovations listed here are but a small fraction of what is to come. It seems like all of the objects in our environment that we touch, see, hear, and even smell will be able to react to our presence or to the environment surrounding it.

Despite the best intentions of these innovations, these improvements open up new concerns and fears along with the services. The new capabilities could be exploited and used to prey on others. As technology advances, so do the criminal actions utilizing that technology. Identity theft and fraudulent financial transactions are two major concerns that are dogging technology and connectivity already. As we become virtually interconnected with everything, what will the problems be and what will we be giving up? The potential for devastating problems is as great as the opportunities.

“Everything you want in life has a price connected to it. There’s a price to pay if you want to make things better, a price to pay just for leaving things as they are, a price for everything.” –Harry Browne.

It has been estimated that if all data from the beginning of time until the year 2000 were gathered, it would equal less data than what is being created now, every minute. This phenomenon is transforming us, our world, and everything in it. This big data, with sources from all over the world, are inspiring innovative ways to sort it out for optimal use.

This collection comes with the potential downside of disseminating information about what we do, what we like, and our habits. Each time we use a smart phone, an app on a tablet, a smart watch, or a computer, we are creating a digital map of who we are. Our searches on Google, interactions on Facebook, and tweets are all information markers in the ever-growing digital map that we build about ourselves during our digital interactions. Each action makes the map just a little bit more accurate.

Here is a realistic scenario: A person searches Google maps looking for directions from a city within a state, to another location; that is data. Another Google search in the same area about hotels, or recreational activities is more data. Then, that same person makes calls to that same area, possibly for information verification; talk to a friend or relative in that area, call a restaurant; all of which become a part of the data collected. Things are looking good, so the credit card comes out to make bookings for flights and/or rental car, hotel, etc. (more data). Now, and this is unbelievable, some people are so happy about what they have accomplished, they post information on Facebook about their upcoming plans; IN DETAIL! MORE DATA!

The conclusions from this data are easy to figure out and accessible to a determined investigator or cyber-criminal. And this example is just the tip of the iceberg. This does not even take into consideration the day to day informational footprints we leave for digital trackers. Google already knows who we are, including our age and gender. Our smart devices give information about where we have traveled. Social media tells everyone an inordinate amount of personal information to the people of the world because we constantly feed it with posted updates. Our phones know where we are, and the speed in which we travel; anywhere, anytime. Our credit card companies (and any entity they give our information to) know what we buy; and where we shop. The grocery store knows what we like; phone apps collect various data from us at a relentless pace. This is really big data and it can certainly be used against us.

When considering the above digital scenario, a recent article is very accurate when classifying the IoT “a gift to spies.” The sensors built into mobile phones measure motion, orientation, magnetic fields, light, proximity, etc. and all of this information can (and will be) part of the Internet of Things if the device(s) transmit data over the internet. It doesn’t even matter that the mobile device is turned off; data is still available.

The breadth of data that will be available with IoT removes anonymity and provides the opportunity to pull disparate data together to create additional information about us beyond our shopping choices. As James Clapper, Director of the U.S. National Intelligence stated when he recently testified to the U.S. Senate: “In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

With the IoT constantly feeding public and previously private data into the internet cloud, it is obvious that unless care is taken, countless entities will be able to use that data for their own gain.

Information security is struggling to keep up with the risks represented by the high degree of connectivity and the massive amounts of data being created by IoT. The level of security weakness was spelled out in a 2015 report published by Hewlett Packard Enterprise called the Internet of Things Research study.

The HP Enterprise Security Research team reviewed ten popular electronic devices commonly used in IoT applications and included TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, multiple-device controller hubs, door locks, home alarm systems, scales, and garage door openers. The devices all had mobile applications for remote access or control and most had some type of cloud service. The study uncovered an alarming number of vulnerabilities per device. Additional results for the ten devices were:

• 9 out of 10 collected at least one piece of personal information
• 8 out of 10 failed to require passwords of a sufficient complexity and length
• 7 out of 10 used unencrypted network service
• 7 out of 10 made it possible for an attacker to identify valid user accounts

The results of that study are frightening.

Every day, people are using medical devices that may be vulnerable to hacking. Computerized equipment that may be hacked include: infusion pumps, insulin pumps, cardiac defibrillators/pacemakers, deep brain neurostimulators, gastric stimulators, foot drop implants, and cochlear implants. A critical flaw begins when these devices are shipped from the manufacturer with preset user names and passwords that are to be changed by the purchasing facility. Because changing the password is only a recommendation and not mandated by law (yet), the user information is sometimes kept the same for staff convenience. This allows anyone with basic medical equipment knowledge or access to the manufacturer’s documentation the ability to control those devices (sometimes remotely via internet). The control can include creating new passwords which would then lock other people out.

In addition to a hacker gaining control of an IV pump, ventilator, or other medical equipment, consider the possibility that the hacker could access the medical facility’s network through the hacked device, opening up the possibilities for cyber-criminal theft, espionage or ransoming of data. White hat hackers have shown this level of access is a relatively easy task when outdated software and weak cyber security practices are used within the medical facilities’ and the medical equipment suppliers’ environments.

Once network access is gained by the hacker, the ultimate payoff is within reach; patient data. Medical information is the “Holy Grail” for cyber-criminals because this information “can be worth 10 times as much as a credit card number.” Sometimes, the goal may not be just money; it might involve the attainment of information to damage a specific target. For instance, confidential medical data could be used to thwart a run for public office. The list of damages is almost unlimited.

What happens when our vehicles become part of the web? Automobile software vulnerabilities have already been exposed by hackers, mostly to prove it could be done.

Cyber security experts Charlie Miller and Chris Valasek remotely hacked a Jeep Cherokee while the vehicle was in operation. They did this from their home with a laptop computer entering the Jeep’s electronic system using the built-in online entertainment system. Once in, the pair altered the Jeep’s speed, braking capability, radio, and actuated the windshield wipers. According to the Business Insider article, the pair said it was a fairly easy job. “We might be good at what we do, but this was a weekend project,” Miller said. “What if we did this full time, or got paid to do it?”

The Internet of Things is really quite new to the world. As devices are designed for IoT, much of the developmental focus is on the functional capabilities of each item and how those devices can make our lives better and easier. This generation of devices is designed with the ability of being controlled remotely, functioning from the inputs of various web-based sensors. Comparatively, the effort invested into development of long-term security for each item seems to be an afterthought at best.

Are we unknowingly laying the groundwork for our smart world demise; building a future for weapons of mass disruption? Now, warfare has computer codes as a delivery mechanism. Logic bombs replace explosive bombs and traditional projectiles. Cyber fires are ignited to impact human life. Cyber-wars are won with the use of cyber-attacks; some of which may be directed at facilities that maintain critical equipment. Power grids can be shut down, dams opened and air traffic control disabled. The list of destructive actions that need to be prevented is very long. The worst part is that that anyone, anywhere, in any country can be the victim.

Black hat hackers can sell their “cyber-ammunition” to anyone regardless of location. The world is a different place now that attackers do not physically have to be near the intended attack. The most frightening aspect of devastating cyber-attacks is that an individual hacker, terrorist, or highest bidder of the destructive cyber-attack information can do as much damage alone as what used to take an army to achieve.

We must put cyber security at the forefront of IoT development. Fortunately, there are groups dedicated to information security including IoT security. One such organization is the Open Web Application Security Project (OWASP) Foundation, established as a not-for-profit organization in the U S in early 2004 as an open community dedicated to creating and maintaining applications that can be trusted. The OWASP Internet of Things Project “is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IOT technologies.”

Even in these early days of IoT, we already see that the IoT is the next wave of technology-based change. IoT introduces new levels of convenience and capabilities. Tasks are streamlined, saving time and money in so many ways. However, as devices join the Internet of Things, more vulnerabilities are discovered and the more likely our chances of becoming cyber-victims. The work going on today regarding data protection and privacy rights, along with a continued investment in cyber security is very important when considering the current wave and the projected tsunami of interconnected information that is; the Internet of Things.

About Dan Ingouf

Dan Ingouf is the Content Development Specialist for IAITAM.