Back in 2018, the number of Internet of Things (IoT) devices outnumbered the global human population for the first time. But that figure is going to be small potatoes in just a few years. Why? The explosion will continue to grow as people use as many devices for business as they do for pleasure.
Already, the IoT presents real security concerns: the vulnerabilities of cell phones are well known, even as both developers and personal device owners (including individuals and corporations) take extra steps to prevent data theft. The IoT phenomenon is trending away from complex gadgets and towards inexpensive and everyday objects. This trend is also what’s propelling us towards what’s known as disposable IoT.
Yes, soon, IoT devices will be available in single-use formats just like your Starbucks cup — and they’ll be more affordable than ever. At the same time, the IoT is about to become even less secure thanks to these devices.
Why the IoT is trending towards disposable
Even five years ago, few people could imagine throwing away an internet-enabled device; though, it didn’t stop quite a few of us from dropping our phones in the toilet. Anything with data capabilities cost at least a few hundred dollars (and usually stored the bulk of our data), so why would you throw it away? And when you did get rid of a phone, you went through the process of wiping it to protect your data in the event it turned up in the hands of others.
Phones and other sensitive devices are still at the core of our digital lives. However, the IoT is becoming more and more disposable thanks to impossibly cheap IoT chips and sensors. The Amazon Dash Button is the perfect example. As an extension of Amazon.com’s One-Click purchase system, you can place these buttons on items around your home and re-order the item from Amazon just by pressing it. Amazon previously offered a credit for $4.99 after the first purchase, making the button effectively free. Opinion on the Dash Button is split: it both takes the IoT too far while simultaneously making related technologies more useful.
The Dash Button is both simple and genius. Rather than adding a household item to your list to buy at the store or even searching for it online, you can press the button and order it immediately. It’s a level of convenience that’s the stuff IoT believers could only dream of 15 years ago – or it’s an episode of Black Mirror. Either way, it shows the promise and use of a disposable IoT device.
You can’t ignore the disposable IoT security issue
Whether you find the disposable IoT inane or inspiring, the security issue is something no one can ignore. Keep in mind that it’s not limited to single-use devices: warnings about the impossibility of securing the IoT began before the concept reached fruition. With so many devices connected to the internet, hackers have their pick of an incredible number of doors to access your network. Coincidentally, your IoT video doorbell could be the point of entry to your system and your data.
Some disposable items won’t do much to risk your security. There’s a limit to the amount of data generated by the cheapest sensors. The Dash Button sends information to Amazon via a low-powered Wi-Fi controller. It’s only on when you press it, and then it turns off. There’s not much to hack, and there’s not much value in making an effort to break in.
At the same time, as less innocuous players move into single-use IoT tech, things get trickier. The U.S. military is testing single-use cardboard drones. Healthcare and biotech are whole-heartedly embracing both the IoT and the disposable trend. The data in these industries are less innocuous, and there’s more value in finding a way into the systems.
The biggest risk posed by disposable sensors
What are the vulnerabilities explicitly posed by disposable IoT? Well, the first criticism is that when internet-connected devices are permanently online, they are always vulnerable to attack.
The issue of cybersecurity is true of the general IoT, but according to the Federal Trade Commission (FTC), perhaps the bigger problem is that many disposable IoT devices are just that. With new versions released on an almost rolling basis, many businesses may not see an incentive to provide patches and fixes that support the full useful life of a device. It may not even be possible to update all disposable devices. After all, many of these sensors could cost less than a penny.
Why is this such a problem? First, it’s because these devices are increasingly used for housing sensitive data. But also because these innocuous devices have already wreaked havoc. In 2017, a hacker made their way into a casino’s fish tank and then got into the rest of the casino’s system. They did it by exploiting PC-connected sensors that communicated data related to tank temperature, cleanliness, and food levels – not exactly high-value stuff.
However, it’s also a problem because consumers may treat these cheap devices in the same way developers do. They may underestimate the potential privacy threat that a $5 device represents. And this could be as dangerous as the flaws inherent in these devices’ design.
Protecting our data in the world of disposable devices
At this stage, the average consumer knows they need passwords on their accounts, locks on their phones, and also understands when and where to share sensitive data. People are reasonably well acquainted with the flaws found in cell phones and computers, but they may not yet understand the issue with their disposable devices.
The disposable IoT not only needs to benefit from basic security principles but also from thoroughly tested hardware. Mechanical engineers have a role to play in providing well-integrated sensors and controllers able to withstand things like Key Reinstallation Attacks (KRACK).
Translating this knowledge to the disposable IoT is perhaps the most significant task ahead. Between the developers using $0.01 sensors and the consumers who don’t have a full understanding of the link between their sensors and their data, there are real vulnerabilities. The only question is: Whose job is it to solve them?