The dark side of IoT

Marcin Sikorski
Calendar icon
6 lutego 2019

Whenever I bring up the topic of the Internet of Things, the question always comes up regarding how secure the technology is and whether it can be trusted. This is an interesting doubt at a time when the media is frothing with delight at the potential of IoT while drowning out logic and common sense.

We have entered an era where everyone is discussing and talking about the Internet of Things. Everyone is enthralled with the possibilities and improvements that the implementation of this technology brings, giving it the character of a technological renaissance.

Banking, public, tourism, energy, medical sectors; smart cities, homes factories and offices -- we are all expected to buy into the IoT, which is redefining the framework of tomorrow. Smart systems will monitor and control energy consumption. Transportation will become newly exciting and safer than ever before. Data analysis will be efficient and rewarding. Robotics and digitization will free up human resources for more creative tasks. The environment will be safe, green and free of routine, while sensors and actuators will automate the busyness of everyday life.

The snag is that in all this madness two aspects are being forgotten -- safety and technological hygiene of solutions.

After all, let's consider how, with such a variety of devices and the vastness of technologies, protocols and communications, users of the Internet of Things will increase the threat of a range of attacks.

Starting with the takeover of a vehicle or machine whose behavior can be manipulated, through obfuscation/data corruption in the area of health and medical devices, for example. From deprivation of power supply, rendering a product useless, to DDoS attacks on products that process critical data. And let's not forget e-identity theft or unauthorized leaks of private data. What about tracking and monitoring of individuals and their behavior or manipulation of virtual finances? Examples can be multiplied although at the center of each problem we will find insufficiently secured gigantic volumes of valuable data.

IOT in the service of governments

While this is a visible and significant problem that should be addressed whenever the magic phrase "Internet of Things" is uttered, I find it much more disturbing when this type of behavior and exploitation of system leaks ceases to be the domain of home-grown hackers but becomes a conscious part of government operations.

Let's take China and XinJiang Prefecture as an example, where the Internet of Things has been adopted on a scale never seen before, making the area an Orwellian fantasy and a dream come true.

The territory in question is a strategic territory on the Silk Road 2.0, which contains gigantic amounts of natural resources (oil, coal, minerals) and is occupied by a diverse and multicultural expatriate community. The problem is that this autonomous corner is also the flashpoint of many conflicts ignited by separatist tendencies and radical Islamism. But it's hard to make peace when the neighborhoods of Tibet, Mongolia, Russia, Kazakhstan, Kyrgyzstan, Tajikistan, Afghanistan and Pakistan mix in the melting pot.

With the rising tide of violence and uncontrolled attacks, Chen Quanguo -- a high-profile politician and secretary of the Chinese Communist Party -- has decided to restore calm in the area with a new security policy, with the Internet of Things at its center.

There has been increased adaptation of sensors, cameras, beacons and other electronic products that would enable direct identification and monitoring of citizens. An electronic system that compares and assigns (with ~90% probability) citizens' faces was adapted (the state ID card database was used for this purpose). The frequency and type of Internet communication began to be monitored more closely. There has also been increased action on the issuance and tracking of "potentially dangerous" products (both electronic and ordinary ones such as knives, cleavers, hammers, etc.). where, by means of a QR code burned into the product's casing, the owner's personal data has been sewn in, to make it easier to identify individuals.

In addition, the aforementioned monitoring system operates as a semi-intelligent ecosystem (thanks to neural networks and Machine Learning), where the role of humans has been reduced to an absolute minimum, making the whole thing autonomous and independent of resources and human factors.

Citizen ratings -- this is no longer science fiction

In this whole surveillance frenzy, it is not only about knowing where a citizen is but also what he or she is doing. The overarching goal of the government's efforts is to introduce the so-called "scoring aspect," in which citizens are "estimated" by their daily activities, where they are or what they say. On this basis, a rating system has been created, in which negative behavior "downgrades you" to E, while positive behavior, such as obedience, raises the value to "AAA". This carries implications for, among other things, changes in interest rates at banks, access to a passport and ease of acquiring housing or land.

Crazy? Perhaps, but it has become possible precisely because of IoT.

It does, however, give rise to an interesting interpretation of where the Internet of Things itself is headed. Especially in the face of its technological immaturity. Like many IoT systems, it is still insufficiently well designed. The industry itself is struggling to create proper business processes and establish a universal product lifecycle. Standards for authentication or clean code are still in their infancy, and audits conducted for UX or data handling are still unsatisfactory.

As always, one should not generalize, but I feel some concern whenever the topic of IoT is brought up as a golden remedy for all the world's problems. A remedy that is supposed to revolutionize our lives. Even if that were to be the case, how much are we willing to sacrifice for the convenience of life? China has announced that it will roll out its point-to-point system nationwide by the end of 2025. Other countries are also considering such a concept though only experimentally for the time being.

What will happen after that still remains unknown.

Read also

Calendar icon

27 wrzesień

Omega-PSIR and the Employee Assessment System at the Warsaw School of Economics

Implementation of Omega-PSIR and the Employee Evaluation System at SGH. See how our solutions support university management and resea...

Calendar icon

12 wrzesień

Playwright vs Cypress vs Selenium: which is better?

Playwright, Selenium or Cypress? Discover the key differences and advantages of each of these web application test automation tools. ...

Calendar icon

22 sierpień

A new era of knowledge management: Omega-PSIR at Kozminski University

Kozminski University in Warsaw, one of the leading universities in Poland, has been using the Omega-PSIR system we have implemented t...