
Some of the dumbest inventions of recent decades are bursting forth from that wonder of our age, the internet of things (IoT). Take, for instance, the connected “killer kettle”. You can turn it on at the click of a smartphone app – even when the kettle is empty, creating a fire risk.
Then there are smart sockets that can be activated by an app, perhaps turning on electric fires that your housemate has since placed near something flammable. And let’s not forget the colour-changing smart light bulbs that hand user passwords to the next bulb someone plugs in – even when it is a hacker’s device in disguise.
These were some of the foibles revealed this week in a pair of reports by the UK’s Royal Academy of Engineering and PETRAS, a university-led group researching privacy and trust in the IoT. They urged the UK government to bolster and to secure respectively. With many IoT enterprises heedless of safety and security, it is little surprise that this has to be said.
Advertisement
Data leak
These reports are well meaning but, unfortunately, we have been here before. Four years ago, then UK prime minister David Cameron commissioned , which urged British innovators to dive hell-for-leather into lucrative IoT applications, with the caveat that “security considerations are not optional extras but should be considered at the beginning, and throughout the lifecycle of internet of things applications”.
So why, four years on, is the IoT still a boat full of security holes? The Royal Academy of Engineering says that these things simply take time, and that its report is moving the matter forward. But four years is a long time in tech: it represents two generations of Moore’s Law, the rule that every 18 months or so microchip capabilities double. This means that IoT devices have become more abundant and more powerful, some with new vulnerabilities.
Indeed, when PETRAS tested the smart kettle, it did something else that was alarming: “When we plugged it in, we found it was leaking data to a mystery server in Iceland,” said PETRAS co-director Rachel Cooper.
That international data leak is an important clue. Those who politick for nation state-based attempts to shore up the IoT don’t seem to grasp that this is a global issue. The IoT is estimated to contain some 8 billion connected devices worldwide now – , according to market researcher Gartner. There is no way that one nation can secure it. Billions of unsecured devices .
Cooperation is key
Instead, it is going to take a mammoth effort by a host of global regulators, including the likes of the Internet Engineering Task Force, the International Electrotechnical Commission and the International Standards Organisation. But coordinating efforts and keeping up with the increasing abilities of connected devices will take an agility that such organisations would struggle to jointly muster.
One measure the Royal Academy of Engineering is suggesting holds some hope though: it says inventors of connected technologies should “innovate in a responsible manner” for the sake of safety and security. Although it is not an easily enforceable notion, the guardians of commercial innovation, the world’s patent offices, could take on part of this assessment.
How could that work? When connected device patents are about to be granted, examiners could check that the inventions incorporate key security and safety measures. If not, the granting of the patent would be delayed. That may sound harsh – doubtless some would call it a brake on innovation – but so is unleashing unsafe technology on the public. It would also require international cooperation.
Experts at the Royal Academy of Engineering, however, caution that this notion would be way beyond the usual business of patent examiners, which consists of seeking “inventive steps”. But it may be worth trying. Shackling innovation assessment to safety and security could finally provide the kind of incentive that spares IoT users from future killer kettles and lackadaisical light bulbs.
Read more: I never imagined a nuclear plant’s control system being online