Stories‎ > ‎

What You Should Understand about Internet of Things (IoT), by Kemal Piskin

posted Sep 28, 2015, 7:30 AM by Shawna Bay   [ updated Nov 4, 2015, 10:39 AM ]
The International Telecommunications Union defines the Internet of Things (IoT)[1] as "A global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies." If you're wondering what the heck that means, then simply understand that all the little doo-dads and thing-a-ma-bobs that want to connect to your wireless network at home to provide a lot of cool features or services may also impact your privacy.

Your computer and smart phone are becoming almost trivial portions of your connected life. As more and more appliances, tools, vehicles and other everyday use items become internet connected, more and more of your private life is revealed. A few examples can be the ability to track your driving habits, what you watch on TV, know how much energy you consume, know when you're home (or not), what you stock in your refrigerator, and the status of your health.[2,3]  While on the surface some of this data sharing may seem trivial, once you provide your information, you immediately lose control over what happens to it. Those lengthy user agreements that vendors make you sign off on most likely provides language to protect them, not the user.

Additionally, IoT accelerates the obsolescence of durable goods such as washers, microwave ovens and televisions. The reason for this is simply because businesses cannot turn a profit if they have to provide software support for the life of these items and computer technology is cost prohibitive to upgrade after a certain point. So while the mechanical portion of your washing machine may work just fine for the next 12 years, the IoT portion has lost its security edge after 24 months because the manufacturer stopped issuing updates.[4]

Although there is a foundation for an IoT standard that includes security elements, not all IoT enabled devices provide even the most basic security features. And since many IoT devices include memory and processing capabilities, can you be sure that the TV you bought is only performing the functions you allow it to? How do you know they are secure? Recently Chrysler announced that millions of their cars could be affected by wireless access hacking. A similar situation exists for some Chevrolet Corvettes.[5] Many "smart" televisions are easily hackable since security was an afterthought to collection of all your personal viewing habits. Just a few months ago, The security company, BlueCoat, reported that they discovered an APT (Advanced Persistent Threats) exploited IoT BotNet.[6]

So how do you protect yourself? You have options. Some may even save you money:

  • First, when purchasing an appliance, consider the features you need. Typically "smart" or "connected" devices cost more than their non IoT version. If the smart features aren't overly compelling, skip them and keep some extra money in your pocket.
  • Does the device still work without internet services enabled? If so, you may want to consider not connecting it to your network.

  • If the device doesn't require a strong password, use one anyway.

  • Does the device you're considering buying provide services you already have? There is a lot of overlap in home IoT items. For instance, your smart TV may provide access to NetFlix, but so does your Roku or ChromeCast. Do you need them both to provide that connectivity?

  • Before you buy, visit the vendor's website and read their user/privacy agreement so you understand how they interpret their responsibilities to you as a consumer. What do they do with your data? Do they re-sell it? If you are not comfortable with their privacy statement, you may want to reconsider buying an IoT capable device from them.

[1] ITU, Internet of Things Draft Standard, August 9, 2015
[2] HP, Internet of Things Research Study, December 2014
[3] OWASP, OWASP Internet of Things Top Ten Project, December 2014
[4] ZDNet, IoT Device Security Degrades Over Time, August 11, 2015
[5], Hackers Cut Corvette Brakes Via Common Car Gadget, August 11, 2015
[6] BlueCoat, BotNet of Internet Things, January 9, 2015

About the author -

Kemal Piskin, ( is a retired Naval Officer who spent his career within the cryptologic and information warfare fields. Since military retirement, he has continued supporting his country as a defense contractor, primarily focused on cyber security, and currently serves as LGS Innovations’ Corporate IT Security Manager. Mr. Piskin holds a Masters Degree from Bowie State University and is CISSP certified.