Rewind and rewire: The IoT without the internet

Photo credits: John Carlisle on Unsplash

Do we need an IoT 2.0? asks Ken Munro, partner at Pen Test Partners. Being brave enough to take a new approach to an old problem is how technology gets adopted. It’s how pioneers from Steve Jobs to Elon Musk have revolutionised industries.

Right now, I believe we need a similar shake-up in the IoT. Manufacturers are following the path of least resistance to grab market share, but vulnerabilities then surface that compromise the integrity of the product and the market as a whole, stymying adoption. But what if there were a way to reinvent the IoT?

The biggest problem with the Internet of Things is, well, the Internet. It’s a public highway and that makes any device connecting over it susceptible to attack, even more so when you consider that hackers can purchase and reverse engineer IoT devices making it even easier to then hijack others already deployed. This is particularly noticeable in the consumer space where IoT devices can expose home networks and the user’s data.

Wi-Fi weaknesses

Many consumer devices use the Wi-Fi network to connect to the Internet and this creates numerous issues. Unconfigured, the device will often act as an access point with a default PSK, making it an easy target. Configuration is often difficult and the device may malfunction during set-up. Even if you do succeed, some devices will open up ports on the home firewall with the consumer none the wiser which as we have seen can lead to the creation of super botnets. Plus if the user changes their ISP or router it can be troublesome to reconfigure the device.

If it were possible to remove the internet from the equation, many of these problems would resolve themselves. The problems of malware, ransomware and botnets used for DDoS attacks would be mitigated. There would be no risk to personal data, no opportunity for device aggregation, and no risk of rogue firmware updates. The user would be able to enjoy a seamless experience with security layered in by default. Conceivably we’d have a user utopia.

So, what’s standing in the way? Why are we so hooked on Wi-Fi? The primary reasons are of course cost and bandwidth. The cost to the manufacturer from piggybacking off the user’s broadband connection is zero and it costs the consumer nothing extra, keeping product price points low. Using an alternative network is bound to incur some additional expense and then there’s the prospect of contracts to govern data transport costs, both of which are distinctly unpalatable to the vendor.

But think of the advantages. Near zero configuration, association with an established user account helping authentication, no risk of attack, and the bonus of client segregation so that in the event of compromise, the risk to the user are minimised. This isn’t the stuff of Science Fiction; it’s achievable today using mobile data networks.

Solutions

Telematics units in connected vehicles have been using these networks for some time to relay data securely so why can’t the IoT? Yes, there is a cost for the embedded SIM and airtime, but given that the volume of data exchanged by these devices is relatively small, it would be negligible and far outweighed by the security benefits.

Granted the application of these technology would have its limitations. It wouldn’t work in high bandwidth applications such as CCTV, for instance, but a smart thermostat or utility meter needs requires very little bandwidth. And vendors would need to make sure that the supply chain, which would now include the operator or M2M provider, had made provisions to prevent exposure through segregation, for example. One need only recall the Jeep attack, which saw a lack of segregation on Sprint’s network, to see that mistakes can happen.

Ken Munro

Yet the mobile market is making significant headway in this arena. We’re already seeing the eSIM joined by eUICC, R-UIM and CSIM cards to make over-the-air provisioning and updating straightforward. It’s these technologies that are used in the Apple watch 3, for instance. Going forward, Virtual SIMs will offer even more interesting, low cost solutions while mobile data is now a commodity, with costs continuing to drop.

Is the high-risk freemium model of the Internet viable in the longer term? Or should we be considering alternative networks now before we see malicious attacks discredit the IoT? Sadly, I think it’s only once we see attacks that impact the user, such as ransomware, and tougher regulation, that we may see manufacturers rewire the IoT.

The author of this blog is Ken Munro, partner at Pen Test Partners

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Nordic-powered Apple HomeKit with Thread smart air purifier captures and analyses air quality data

Posted on: September 28, 2022

Oslo, Norway – Connected appliances manufacturer, Sleekpoint Innovations, has released the ‘Purelle (AP2)’ under its Airversa brand, which specialises in creating air treatment products that improve the quality of the air we breathe. The smart air purifier takes advantage of Apple HomeKit with Thread Accessory Protocol.

Read more

IoT interoperability – Living the dream

Posted on: September 28, 2022

With the arrival of cost-effective Satellite IoT (SatIoT), Systems Integrators are rushing to meet the huge pent-up demand for global solutions that allow asset tracking across the 85% of the planet not covered by cellular networks. They are building fully connected IoT solutions, where mobile assets can be tracked as they move, connecting to an

Read more
FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox