Internet of things

The Two Real Challenges of the Internet of Things

The article is written by Julie Robles, founder of Raw Motion, one API to access IoT data.

Every week there is a new connected device on the market. A few days ago, Tag Heuer launched its smartwatch with Google, and last week I saw a €39 sleep tracker in my supermarket plaster section. Tech conferences are buzzing about the Internet of Things (Consumer Electronics Show 2015, Pioneers Festival 2015).

The Internet of Things (IoT) includes devices and sensors that are connected to a network to send and receive data. IoT has been around for a while, better known as M2M (Machine to Machine) and supported by telecom operator networks, using SIM cards to communicate. The first step was to enable the machines to listen to data sent remotely from sources controlled by humans or other machines and then talk back. Now, the next logical step is to make them intelligent. A smart device is a device that can action without requiring human interactions, for example turning the lights on because you are at home or stopping and saving the progression of the movie because you fall asleep.

The Internet of Things has already disrupted each and every one of the old industries: agriculture, urban infrastructures, factories, utilities, logistics, retail, and transportation.

Internet of things

What does this mean for the world as we know it? Whether it is in B2C or B2B market, the adoption of IoT devices will depend on the balance between their benefits and risks. Using data creates a lot of values if done correctly, like building secured homes for the elderly by detecting falls. However, it also means that organizations with divergent interests may access the data, legally (data are sold or granted to them) or illegally (they hack the database).

To exploit the many opportunities that come with the Internet of Things, we need to address the obvious challenges.

Challenge #1: How to make money

The business model behind the IoT plays a big part in influencing an enterprise's IoT strategy. Who are the customers? Who pays? How do companies reach their customers? Enterprises have to be sustainable and have to find a working business model.

While enterprises need to make money, they need to remain ethical on how they do their business and keep their users happy.

Selling data

On one hand, we have users who have the habit of accessing digital services for free.

On the other hand, data have are valuable for third parties who, for example, want to learn about the habits and behaviors of existing or target customers to tailor the product offering for them such as selling insurances. Another example involves analytics agencies who want to buy the same data to sell insights and user profiles for advertisements.

Selling hardware and services

Apart from selling data, companies can choose from following sales models: one-off hardware sale, one-off hardware sale with a small margin plus a monthly subscription fee, or paid coaching services on top of a FREE application e.g. to monitor your heart rates.

Advertising and discount partnerships are based on the model where company sells user data to another company. At the moment, selling the data seems to be a strong business model.

While enterprises need to make money, they need to remain ethical on how they do their business and keep their users happy without violating users’ privacy.

Privacy concerns

As soon as the users download an app, they have to give up certain rights on a lot of data, including seemingly unrelated data that have nothing to do with the app functionalities. Some data might not be used at the moment. Thus, the users tend to overlook this problem. They receive unwanted emails that go straight to spam. The users might not care about their “stolen” personal information today because this information is barely used. However, they will care later on when it becomes apparent the information being used without their consent.

Collected data are not only emails but also contain much more sensitive information such as the user’s locations, health details, driving behaviors, or spending habits. Many people are sensitive about revealing certain personal information and find others knowing about their private life an intrusion to their privacy.

However, this raises a question: “Who owns the data?”

Challenge #2: Security

It is important to note that security and privacy are two distinct concerns. Security is protecting data from being hacked. Privacy is protecting the data from being used with different purposes than originally intended or from being sold to a third party without prior consent. So while privacy is an ethical question, security is a technical issue.

Security has become a primary concern for adopters of IoT technologies. You probably heard of the famous Cherokee Jeep hacking incident which two whitehat hackers remotely hacked the cas and sent it crashing into a ditch.

What is the weak link in the IoT value chain of connected devices?

When it comes to security, where should industry focus its effort? What is the weak link in the IoT value chain of connected devices given there are many vendors?

IoT value chain

Does above model look a bit like the OSI model?

Who should be held responsible for data security?

In the IoT world, everything is an endpoint. Every participating player in the value chain, with its own products and standards, introduces another entry point that can be targeted by cyber attackers. The integrity of one player’s data depends on that of partners from its IoT ecosystem.

Is there a need for a standardized communication protocol?

Securing the data is difficult because of the lack of standard regarding communication protocols: NFC, Bluetooth, WiFi, Zigbee, LoraWan to name a few. As more vendors enter the IoT space, they will bring their protocols which mean more protocols to secure and keep up-to-date.

The IoT space is still young, and every player hopes his technology will take over the market. Consortia are forming, but it will take some time before there is a clear winner who sets the industry standards.

So what’s next

The Internet of Things is the next big revolution, but it still has many challenges to overcome. IoT adoption faces other questions at the moment: the use cases are not clear, the users have to create applications around the products, the prices are still high, and the hardware is fragile.

There are other challenges, but security and business model should be the two main focuses. As a business, you need to make money and not just following IoT trends. Not only that, there are big crises regarding security and trust which deter wider adoption of IoT. People will let smart devices into their lives when they will be able to trust them.

What other challenges you are facing right now that stop you from fully embracing the Internet of Things? We’re very interested in hearing your feedback.

About RawMotion: RawMotion aggregates data collected with IoT devices, and makes them accessible through one unique API.

Sign up to our beta list and be the first to know about our IoT Application Security Platform. Alternatively, follow us on Twitter @TeskaLabs.

Photo credits: Depositphotos

About the Author

Guest Author

A guest author is an SME of his/her topics or a friend of TeskaLabs.

You Might Be Interested in Reading These Articles

Android: The One That Gets The All the Attention - Developers, Hackers and YOU

Android is considered one of the best operating systems used in smart phones. This operating system is backed by Google, the number one search engine. The Google Play has become an obsession now, enjoying the biggest number of smart phone apps. Many of them are absolutely free. But what if we tell you that Android is the easiest operating system to hack and even customized apps such as Gmail can be hacked. Recently it was checked and confirmed that Gmail is one of the top endangered apps, which can be hacked very easily.

Continue reading ...

android security

Published on January 20, 2015

How to Teach Your Kids to Safely Play Pokemon GO

This summer something strange has occurred in my household. Suddenly, all of my children ranging in age from 9 to 18 are willingly piling into our van the minute I mention driving anywhere- even to the grocery store. And it’s not my company or the possibility of picking out this week’s cereal they are seeking. No, they are merely wanting a ride to aid them on their hunt for elusive Pokémon.

Continue reading ...

security mobile musing

Published on August 30, 2016

OpenSSL DROWN Vulnerability Affects Millions of HTTPS Websites and Software Supporting SSLv2 (CVE-2016-0800)

DROWN is caused by legacy OpenSSL SSLv2 protocol, known to have many deficiencies. Security experts have recommended to turn it off, but apparently many servers still support it because disabling SSLv2 requires non-default reconfiguration of the SSL cryptographic settings which is not easy for common IT people who have limited security knowledge and don’t know the location to disable this protocol and the way to disable it.

Continue reading ...

security bulletin blog

Published on April 12, 2016