Beyond updates: The need for platform security in IoT
Just 10 years ago, the idea of an interconnected world seemed like a bit of near-future fiction. But the convergence of a number of technologies — including Bluetooth communication, smartphone availability, analytics and machine learning, and cloud-based servers — has brought this vision close to reality. Consider the following example: At 3:00, your smartwatch beeps. It tells you that you need to stand up and drink some water. You don’t have anything nearby, so you go to the corporate vending machine and flash your Apple Pay on your watch to make the transaction. After a few minutes, you get a ping on your phone that your camera has detected movement on the front porch. However, you also get a text message from UPS saying that a package has arrived, so you don’t feel a need to check.
Since you want to get to that package, you decide to leave work early. Your smartphone’s AI uses data combining GPS location at the parking lot and time of day to determine that you are heading home, so it auto-loads traffic and weather for the drive home via a map program. When you hit the road, you check your home’s thermostat and sync your favorite podcast with your car to listen to on the ride home. As you sit in traffic, you look at your smart refrigerator’s contents and see that you’re low in bread, so you schedule a small grocery delivery. And when you get home, you ask your smart home assistant (for example, Siri or Alexa) to turn on your favorite sports team as you unwind.
Staying secure in a connected world
This example has become the norm for many of us, and the addition of so many data-based checkpoints and decisions has been gradual enough that it’s hard to understand how far things have come in the past 10 years. But when broken down in a simple workflow of actions taking place over an hour or two, it’s clear to see just how many times technology is used to communicate information or make a choice. Every time devices connect, take an input or process an output represents a potential security hazard.
What’s at stake? It’s not a robot apocalypse, or even being stalked by drones and Roombas as seen in a recently acclaimed episode of The X-Files. Instead, the most realistic nightmare scenario is more in line with what has taken over headlines: compromised data and user privacy. Even when the iPhone first appeared in summer 2007, it didn’t represent the vulnerability that today’s technology cluster does. It wasn’t until the gradual integration of payments, identity and accounts into the smartphone that it became an identity risk.
When those details began residing in the cloud, that meant that they were also transmitted over data networks rather than on pen and paper. Thus, any device that connected to those accounts represented a way in for hackers. Consider your Google or Apple ID as the center of your digital identity, with spokes connected to each registered device — and in many cases, interconnecting paths between those devices as well. Then you add in third-party devices, from payment readers to QR scanners and more. The network is vast — and every device requires the latest updates to ensure the maximum level of security. The question remains: Is that enough?
How secure are updates?
The consumer’s data is at risk, but they are not the ones in control of security surrounding their data. Updating apps, operating systems and devices is a good first step on their end, but a virus or malware can easily circumvent that. Thus, a true solution to such an issue lies more with the platform provider rather than the consumer. In this case, if platforms move their data to a blockchain, then it’s possible to ensure that updates are processed while maintaining security.
Using a blockchain, every data point, critical piece of information or snapshot can be hashed and added to a blockchain — thus verifying it against the devices itself. The size and frequency of the hash is based on granularity of data. The hash of the updated files verifies the accuracy and authenticity of the download. By crafting a platform for security, it ensures that nothing will get hijacked between point A and point B; it’s the digital version of driving an armored car across a protected street.
This doesn’t absolve the tech industry of security holes. First, developers are still responsible for identifying risks and rolling out regular patches. Second, a hash discrepancy doesn’t identify a specific issue, it only flags that an issue exist.
One giant leap ahead in cybersecurity
However, despite these elements, blockchain would still represent a leap forward for cybersecurity. By sealing off the easiest avenues of criminal intent, blockchain seals off a significant amount of avenues for stealing data — and as the internet of things era continues to proliferate, every new device added to the network represents another way in. Consumers can only do so much, and in order to secure their trust — and the trust of private businesses developing devices/apps and public entities providing the infrastructure for such things — data must be shown to be as secure as possible. With blockchain currently being tested for voting, medical records and governments, the only question is when will companies’ pain points in data integrity be strong enough for blockchain to be the production solution?
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.