If you were trying to make a Paypal payment last Friday, or wanted to post something on Twitter, you might have been frustrated for a few hours. The reason was a distributed denial of service (DDoS) attack on the domain name server Dyn, which meant users were struggling to find the pages they wanted. DDoS is table stakes for hackers. What made this event significant was the mechanism used - hijacked connected devices.
Using the internet of things (IoT) to take down the internet may seem paradoxical, but it reveals an underlying issue with the next generation of technology starting to colonise our lives. Put simply, manufacturers are racing to get their products into market and giving very little attention to the nuts and bolts of what happens once they are switched on.
As yet, there is no common standard for IoT data, which means interoperability has been parked as a user benefit. That might not seem like much if you are just connecting one device, like a health monitor or smart thermostat, to a single service, like tracking or remote control. Once you want to hook up multiple bits of tech to create a truly connected home, for example, the absence of a common data standard will become a barrier. Standardising and integrating large volumes of sensor data is not only technically challenging, it is also not currently suited to real-time operations, which is what these new services are all about.
Worse, almost no thought has been given to data governance, especially information security. Experts who looked into the Dyn DDoS have noted that millions of devices were used that were manucatured with default, basic passwords. The bad news for users excited about joining the IoT development is that they are unable to make any changes - what gets shipped gets used.
If you think this only provides hackers with a new wave of remote bots to undertake their attacks, the reality could be something much worse. An information security expert recently gave the “worst IoT security of 2016” award to the Owlet wi-fi baby heart monitor. A device which checks if an infant is having heart trouble could not place the issue of data governance into a more emotional and personal space if it tried.
Ignoring the basic building blocks of data-driven technology should not be seen as the acceptable cost of product development. Instead, manufacturers should be collaborating to agree on data standards, so IoT becomes a singular thing rather than a mass or parallel networks. They should also embed proper, flexible information security protocols. When it comes to smart devices, that would be a smart decision.