India must tune its policies to accommodate the emerging challenges, and companies must bring in better security to IoT products
In 1983, a Canadian newspaper asked iconic science fiction writer Isaac Asimov to give his impression of how the world will look like in 2019. The question was significant because within a few months the world would hit 1984, a year that was already made infamous by George Orwell, whose book of the same name had predicted a dystopia of authoritarianism for the world, where the Big Brother kept a close, vigilant watch on his subjects.
The world in 1983 was not a great place to be, to be frank. The Cold War was on, and the US and Soviet Union were vying with each other to excel in controlling people, ideas, trade and technology. Orwellian surveillance was a reality. Everyone spied every other one. And technology helped them immensely in these dirty missions.
Asimov, being one of the most prolific and intelligent writers of science fiction, knew this, and he felt technology is going to be the most powerful force that would shape the future, transforming all spheres of public and private life. So to the question from Toronto Star he said: The mobile computerised object will penetrate the home and the increasing complexity of society will make it impossible to live without this technology. Clearly, Asimov wasn’t talking about the smartphone or the Internet of Things (IOT, web-connected network of equipment and appliances). But he knew computerisation would conquer our homes, from the kitchen to the corridor.
But that possibility didn’t seem so stark till a few years ago even when smartphones started entering (flooding) our most intimate spaces, from the living room to the loo. The homes were not taken over by the devices yet. But that possibility vanished with the arrival of IoT devices, which are now performing a coup d’état of sorts inside residences. Already, the world has more than 20 billion IoT devices and in a few years IoT devices will surpass smartphones in sales and use. Technology industry tracker IDC estimates worldwide technology spending on IoT will reach $1.2 trillion in 2022, at a compounded annual growth rate of 13.6 per cent over the 2017-2022 forecast period.
That’s a lot of money. And a lot of people are going to depend on IoT devices, which include smart bulbs that can be operated using apps and voice, virtual assistant-controlled refrigerators and storages, smart speakers, smart locks, doors and mats, wearables, and a lot of known and unknown devices that would collect your personal data and use that to make life better for you. In all likelihood, life is going to get better for the users of IoT. And that’s precisely why more people will buy IoT devices and that’s why big money is flowing into the market. Last year, research firm IoT Analytics estimated that the global IOT market would balloon nearly 40 per cent from 2017 to reach $150 billion in 2018. We are in 2019 now, and estimates available suggest the IoT market is booming beyond expectations. In India, a report by the Internet and Mobile Association of India and consultancy Deloitte says that by 2020 the IoT ‘opportunity’ will be of worth $12 billion (nearly ₹85,000 core).
That said, not everything is hunky dory with this path-breaking technology and its offspring products. Recent research suggests IoT devices suffer from security vulnerabilities. Considering the high stakes involved, these reports must make consumers, policymakers and even the industry players sit back and take note. IoT devices are vulnerable to malware threats, called botnets. These are web-connected devices running bots (short for robots, meaning computer programmes). Third parties can use botnets for performing malicious tasks on IoT devices. These acts include data theft, spamming, privacy breaches and even spying.
These threats were not many when the market was starting to spread wings. But now several reports suggest the threats of botnets are clear and present. Just this week, cyber security firm Kaspersky said it detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of 2019. Kaspersky says this figure is nearly nine times the number found in the first half of the year 2018, when only around 12 million attacks were spotted originating from 69,000 IP addresses. The security firm feels cyber criminals are exploiting weak security of IoT products and intensifying their attempts to create and monetise infected IoT networks, according to the report IoT: A Malware Story.
Threats and threats
Just a few months ago, an Elsevier journal, Computer Networks, published a paper ‘Current research on Internet of Things (IoT) security: A survey’ by Malaysian computer scientists Mardiana binti Mohamad and Noor Wan Haslina Hassan. According to the paper, the main objective of IoT security is to preserve privacy, confidentiality, ensure the security of users, infrastructures, data and devices. But making sure that these tenets are met is going to be a tall order, considering the way cyber criminals operate. Already, there are several reports of IoT devices being used in cyber warfare between countries, of hackers hijacking consumer IoT devices to mine cryptocurrencies, and more. The current amoebic nature of the IoT networks and even the market makes it difficult to spot and check such misuse.
One way to tackle such misuse is to understand the ubiquitousness of IoT vulnerability. Soon, smart fridges or doors will be dotting every household in India. Traffic systems, power grids, almost all essential networks will have IoT, and any breach into them could mean disaster. The moral of the story is: IoT security is paramount. The paper in Computer Networks says according to the IoT security architecture, security mitigation encompasses all the layers in the basic IoT architecture — perception, network and application — even though it is observed that most of the current mechanisms are applied to the network layer.
This situation calls for three key approaches. First, policy must understand the risks and formulate creative and collaborative IoT regulations that will protect privacy. Second, companies must make consumers aware of the threats involved, and educate them. Third, consumers must demand better security for their products and force businesses to put it better curbs. Also, they must demand governments to stay away from seeking backchannels from companies and accessing precious private data and from using such systems for performing surveillance acts on citizens.
This is important. Asimov meeting Orwell is not a great idea for the future of our societies.