More isn’t always better: Three dangers of cheap IoT devices
More isn’t always better. Despite the Internet of Things (IoT) growing to 15 billion worldwide devices next year, many are cheap in price and quality. The result is lowering cybersecurity and overloading networks at a time when devices are increasingly entering the home and workplace.
This rapid increase in device quantity — with little regard for elements like usability and cybersecurity — is what some refer to as the “Internet of Crap”. A funny name, sure, but one with serious potential for damage. Let’s look at three real dangers created by these devices and what consumers can do to protect themselves.
Cybersecurity: More endpoints create more entry points
First and foremost, more endpoints create more entry points. Therefore, arguably the biggest danger wrought by greater device numbers is greater hacking targets. Cheaper devices often count lower cybersecurity standards like default passwords. Worryingly, reports estimate that 15% of device owners don’t change the default passwords of the devices they buy, leading to countless incidents of hacked smart doorbells and compromised cameras. Moreover, some vendors build devices that cannot receive security updates, while others simply don’t provide security fixes at all.
To add to the problem, hacked devices aren’t easily discoverable. A report of companies that use IoT technology in their workplace found about half don’t have mechanisms to detect if any of their devices had been undermined by bad actors. Therefore, most connected devices today rely on user action to bolster security.
The good news is that there are multiple ways to do this. One, simply enough, is to change any default passwords used by devices. Another is to prefer quality over price and buy devices from trustworthy vendors. Encryption, meanwhile, offers another, more advanced option to improve cybersecurity. For example, Public Key Infrastructure (PKI) uses asymmetric cryptography to create an initial trust setting between the client and the target device. The generated key is simply installed on the device to replace any “password” and grant authentication. This is another form of single-factor authentication, but one which stops brute force attacks.
Network: Information overload impacting performance
There are more connected devices right now than ever before. However, thanks to increased production, lower costs and higher demand, the coming years will see billions more. In addition to impacting cybersecurity, the ever-growing number of devices is overloading networks with information and slowing performance. As a result, homes and businesses are seeing enormous amounts of traffic coming from a wider selection of devices and ill-prepared networks could falter under the strain.
This avalanche of connected device data needs to be intelligently distributed and fast. The answer is to move away from the cloud and utilize other methods of connectivity. One growing segment is at the edge. Rather than centralized cloud servers, edge connectivity brings information closer to the source. As I wrote recently for RCR Wireless News, hosting and processing data at the edge is the logical next step for computing. It reduces the need for sending large volumes to remote locations with benefits to speed, usability, privacy and security. At the same time, it will be interesting to see how things shift with the global rollout of 5G. The telecommunications standard promises ultra-high throughput and could help to ease the network pressure.
Privacy: An unwanted insight into your home
Digital technologies are intersecting with the home in new ways following the pandemic. From thermostats to ovens, smart home devices measure variables and make changes without human input. The issue, however, is what happens if they’re compromised. Loaded with cameras and microphones, hacked devices pose serious privacy concerns inside the home.
To make matters worse, the attack surface of connected devices is huge. For example, an IoT ecosystem is composed of many different elements other than the device, including gateways and routers, communication protocols, platforms, APIs and the cloud, with data moving in both directions. Such fragmentation results in the potential for multiple vulnerabilities.
One way to defend against this issue is peer-to-peer (P2P) connectivity. This method bypasses the cloud by using servers to mediate the connection between client and device. As a result, this enables private communication between user and device while also improving latency to facilitate the best possible user experience.
Proceed with caution
There will always be a market for cheap devices. The issue is what these devices can bring unwitting consumers. In the absence of regulation for minimum device standards, it’s up to consumers to build safeguards before these high-tech objects enter the home or workplace.
Again, changing default passwords and implementing encryption can go a long way to protecting against bad actors. Likewise, users can also find success by connecting devices to an IoT platform. Here, such a platform bridges the gap between device sensors and data networks to remotely collect information, secure connectivity and execute sensor management
Of course, this requires extra effort from consumers, but the dangers of inaction are real. My advice? Proceed with caution.