The Internet of Things (IoT) is arguably here to stay. By the end of 2024, more than 207 billion devices are expected to be connected to the global network of tools, toys, appliances and gadgets, according to Forbes . However, in addition to increased efficiency and convenience, the IoT also brings with it a wealth of data and security risks. How can we better protect our data?
Author: Johanna Seiwald (ZHAW)
Dr. Stephan Neuhaus is a lecturer in computer science with a focus on security and conducts research at the Institute of Computer Science. He has been working in the field of security for 30 years and if I had asked him five or six years ago what he was researching, he would have replied “anything with security on it”. In the meantime, the field has changed considerably and has grown in breadth and depth. “Nobody can keep up with everything anymore”, he tells me in conversation, “everyone has specialized in core topics”. Stephan’s main focus is information security (ISE) and his research includes data security and the Internet of Things, or IoT for short.
“Would you like to connect with Roomba 42?”
The IoT is a collective term for objects that are networked with their digital identity and are therefore recognized via a wireless communication system such as Wi-Fi or Bluetooth. These include, for example, self-driving cars, smart light bulbs, hospitals and cities or networked vacuum cleaners.
Stephan sees this as a major risk, as cyber criminals can not only influence the digital world, but also the real world. If attackers hack into an electronic bank account, there is the potential for major financial damage because the account balance has been manipulated. In principle, however, this damage could be reversed. However, if a smart insulin pump, a pacemaker or a self-driving car is hacked, this can endanger human lives. Such damage cannot simply be undone “The stakes are higher when we talk about the security of the IoT. Data often has backups. But human lives don’t,” says Stephan. It seems to him that many products are currently appearing that are being made smart and networked without it being clear what the benefits of this smartness and networking are. He doubts that all devices need to be connected to the network. At the moment, he sees a wild west of products that are being made “smart” by companies, whether they make sense or not. These companies hope to invent “the next unicorn”.
Stephan sees another problem in the data generated by networking. For example, certain vacuum robots create a map of the home, which users can then use to control the robot via an app and exclude certain areas of the home from cleaning. At the same time, these maps are stored on the manufacturer’s servers. Who owns these maps? Are manufacturers allowed to view these cards? And what are manufacturers allowed to do with them? “There is currently no consensus on these questions,” says Stephan. And if the manufacturer decides to stop operating these servers, this functionality may no longer be available. Similar problems have often arisen in the past, for example due to the insolvency of the manufacturer.
CYREN ZH is a DIZH structure of faculty members of the ZHAW and the University of Zurich that conducts joint research, develops educational programmes and organizes events.