It’s IoT Week at SitePoint! All week we’re publishing articles focused on the intersection of the internet and the physical world, so keep checking the IoT tag for the latest updates.
The Internet of Things (IoT) is taking the world by storm. The millions of connected sensors and smart devices that are being deployed on a daily basis in homes, offices, cities and even on our persons are creating unprecedented opportunities in cutting costs, reducing energy consumption, improving efficiency and customer services, and better understanding how we interact with our environment.
The IoT, hailed as one of the biggest breakthroughs in the history of the tech industry, will soon be an inherent part of every aspect of our lives, from retail shops to hotels, to cars and airplanes and practically everything we interact with.
But this added utility comes with its own set of caveats and requirements, which need to be met and overcome with the proper solutions and approaches. Here are four challenges to expect in the future.
IoT has already turned into a serious security concern that has drawn the attention of prominent tech firms and government agencies across the world. The hacking of baby monitors, smart fridges, Barbie dolls, drug infusion pumps, cameras and even assault rifles are portending a security nightmare being caused by the future of IoT. So many new nodes being added to networks and the internet will provide malicious actors with innumerable attack vectors and possibilities to carry out their evil deeds, especially since a considerable number of them suffer from security holes.
The more important shift in security will come from the fact that IoT will become more ingrained in our lives. Concerns will no longer be limited to the protection of sensitive information and assets. Our very lives and health can become the target of IoT hack attacks, as was shown in the hacking of pacemakers. Critical city infrastructure can also become a target, as the Ukraine power grid hack warned us last year.
There are many reasons behind the state of insecurity in IoT. Some of it has to do with the industry being in its “gold rush” state, where every vendor is hastily seeking to dish out the next innovative connected gadget before competitors do. Under such circumstances, functionality becomes the main focus and security takes a back seat.
Also, many IoT developers often come from an embedded systems programming background and are ignorant of the threats of IoT programming. They don’t necessarily have the knowhow and expertise to program for the hostile connected environment of the internet, and end up dishing out code that is reliable from a functionality perspective, but can easily be exploited remotely.
Scalability issues also contribute to the creation insecure IoT products. The fact is that many security solutions being used today have been created with generic computing devices in mind. IoT devices often lack the computational power, storage capacity and even proper operating system to be able to deploy such solutions.
Some of the data that IoT devices collect are very sensitive and are protected by legislations such as the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. and are fundamentally different from our browsing and clicking habits. Yet the necessary precautions aren’t taken when storing the data or sharing it with other service providers. Vendors and manufacturers must either discard this data or remove the Personally Identifiable Information (PII) to make sure that consumers aren’t damaged in case of data breaches.
Another consideration to take is that while data generated about a single appliance (such as a smart toaster) might not be sensitive per-se, yet when combined with data from other devices, it can reveal information such as the consumer’s life pattern, which can become very damaging if they fall into the hands of the wrong people. In many cases, criminals don’t even need to pry into your encrypted communications in order to obtain the information they want. A study by LGS Innovations elaborates on this issue and presents a DIY solution to protect IoT traffic and privacy.
Connecting so many devices will be one of the biggest challenges of the future of IoT, and it will defy the very structure of current communication models and the underlying technologies. At present we rely on the centralized, server/client paradigm to authenticate, authorize and connect different nodes in a network.
This model is sufficient for current IoT ecosystems, where tens, hundreds or even thousands of devices are involved. But when networks grow to join billions and hundreds of billions of devices, centralized brokered systems will turn into a bottleneck. Such systems will require huge investments and spending in maintaining cloud servers that can handle such large amounts of information exchange, and entire systems can go down if the server becomes unavailable.
The future of IoT will very much have to depend on decentralizing IoT networks. Part of it can become possible by moving functionality to the edge, such as using fog computing models where smart devices such as IoT hubs take charge of time-critical operations and cloud servers take on data gathering and analytical responsibilities.
Other solutions involve the use of peer-to-peer communications, where devices identify and authenticate each other directly and exchange information without the involvement of a broker. Networks will be created in meshes with no single point of failure. This model will have its own set of challenges, especially from a security perspective, but these challenges can be met with some of the emerging IoT technologies such as the Phantom protocol, or leveraging the success of other tried and tested models such as the blockchain.
Compatibility and Longevity Challenges
As an industry that is going through its baby steps, IoT is growing in many different directions, with many different technologies competing to become the standard. For instance, we currently have ZigBee, Z-Wave, Wi-Fi, Bluetooth and Bluetooth Low Energy (BTLE) all vying to become the dominant transport mechanism between devices and hubs. This will cause difficulties and require the deployment of extra hardware and software when connecting devices.
Other compatibility issues stem from non-unified cloud services, lack of standardized M2M protocols and diversities in firmware and operating systems among IoT devices.
Some of these technologies will eventually become obsolete in the next few years, effectively rendering the devices implementing them useless. This is especially important, since in contrast to generic computing devices which have a lifespan of a few years, IoT appliances (such as smart fridges or TVs) tend to remain in service for much longer, and should be able to function even if their manufacturer goes out of service.
I’ve already discussed how the concept of abstraction and separation of concerns can help overcome many of the compatibility challenges that lie ahead in the evolution of IoT. Other notable efforts in this regard include the creation of platforms such as Afero and the Apple’s HomeKit, which enable developers to focus on functionality while letting the platform take care of communication and security.