With the increase in number of connected devices, IoT or Internet of Things is being seen as the next big thing in travel industry. From indoor navigation to keyless entry systems, we are being enveloped in an ecosystem of connected devices. Connected cars and transportation network will also play a significant role in transforming ground transportation, making it safer and more efficient. While the idea that all your devices and appliances can communicate with each other to simplify things for you is very intriguing, it is hard for an average user to understand what kind of data their new toys are throwing around.
This industry segment has seen more attention in media and major brands have been placing their bets on innovators in this space. This certainly had a multiplying effect and catalysed the growth in this sector over the past few years. In some cases, the investors see huge potential and in others, it is the fear of missing out. It could be either but, a research by ABI Research says that we will have around 41 billion connected devices by 2020. However, multiple security companies have highlighted the issues that this wave of IoT will bring along.
The prime challenges arise because of ubiquitous data collection and hardware challenges. You don’t know how smart is the smart pet monitor you are using while travelling. At this point, users barely know what data is being shared between these smart devices but this has to change. Companies, big or small, need to have a stronger focus on securing the customer data. They also have to be more transparent about data use so that customers know what information about them is hovering around. Copious amounts of data is being generated and potential leaks can give away a lot.
The second challenge is a quite obvious one. A large number of connected devices are being made including some ridiculously low cost ones by barely known companies. Some of them even being disposable devices. Encryption and decryption is resource intensive and isn’t possible for tiny low power IoT sensor. Can we expect the low cost hardware to use encryption? Or can we expect the manufacturer to offer updates and fixes if vulnerabilities are discovered at a later stage? We have our doubts. With brands like Intel and Qualcomm in the playground, we can assume that they will help minimise the security concerns. But along with that, the un-named, low cost luggage tracker has to go away. Maybe we have to take a step back before we can jump forward.
The hardware challenge isn’t limited to just some of the unsecure bits of hardware like sensors and actuators. The number is high and as more devices are connected, there are more vectors. The massive network that we are building will make security complex to manage with the high number of variables involved. Security management will have to be automated like in some enterprise networks but that is just a small part of what is about to come in future.
With most of the technological innovations, the rush is towards bringing the product to the market and security is often an afterthought. Disruptive technologies and products often tear through the boundaries defined by existing laws and regulations. Initially product design and ease of access takes priority over security, which means just the basics of security are taken care of. It is only after the product takes a significant scale that the regulators and bigger tech companies try to add security into the equation. Remember how booking a flight online used to be a one step process in early days of internet banking in India? Nobody likes waiting for an OTP or remembering another password to make payments but it was important, even if it meant toning down the customer experience a bit. There were no regulations for Uber in the early days. Neither was Airbnb bound by any laws. We may see this as a tapering the path for technology but it is important. It is time the same is followed for IoT. We don’t want to see these issues pose a bigger challenge when we are heading for a trip in our driverless car, do we?
As mentioned earlier, the tiny chips following outdated architectures pose the biggest threat. Low power consumption and low cost are the obvious advantages of using outdated hardware. To address that, the bigger players are offering tools to developers to create real products that have security taken care of right from the design level. Google Weave, a communication platform between devices and cloud services and Brillo OS for IoT devices is a good start point. Microsoft also announced BitLocker encryption and Secure Boot for Windows 10 IoT last year. This will allow for security standards to be adopted by a good number of developers and help with industry wide adoption.
The next logical step would be to design devices that store only the information they require. The key fob of my car shouldn’t save my entire driving history because it isn’t required to unlock the car or the car WiFi shouldn’t have access to locks. Along with this, there should be more transparency about what data is being stored on and shared between devices.
Loopholes, as they are discovered, will have to be fixed. That is why it is also important that there is a sound plan manufacturers have in place to add security updates to their devices in future.
Last year, various leading tech companies joined hands to start Internet of Things Security Foundation, a body that will try to put light on previously ignored security challenges and encourage manufacturers to consider IoT security right from the drawing board.
For now, it may appear that the push for security will put all those crazy Indiegogo projects on a standstill but in the long run, it is going to benefit IoT industry. With that, we might see even more applications in travel industry and better use of customer data by connected devices.
How big of a challenge do you think IoT security is? We would love to hear your thoughts.