Making the Internet of Things a Safer Place

The Internet of Things (IoT) is an exciting “place.” Innovators are developing revolutionary technologies that will reshape cars, workplaces, homes and lives. Some of these technologies are even now commonplace. They include fitness trackers such as Fitbits, thermostats like Nest, and some appliances.

With the IoT comes a larger threat people are starting to realize: as more connected devices enter workspaces, homes and lives, bad actors can use them to access personal information. These bad actors could use the IoT to access live video feeds from a home and unlock doors.

If preparing to purchase a connected device, consumers should ask how – and where – the information input into it is encrypted. What type of encryption does the product’s manufacturer use? Is the device encrypted locally or in the “cloud”?

If information from a device is encrypted in the cloud, a bad actor need only access the device provider’s cloud database. If a hacker, for example, wanted personal health information from a fitness tracker, he may target the servers where the manufacturer hosts its users’ information. If the manufacturer encrypts the information only after it is received from the device and app, the personal information of thousands of users may be compromised with a single hack.

On the other hand, if information is encrypted on a device before it is transmitted to the cloud, any hacker gaining access to a manufacturer’s servers will not be able to decrypt the information without each device’s unique key. This means that the hacker would need to access each individual device, which is a task made difficult if its owner has properly secured the home wireless network.

For example, a Mozilla co-founder, and his new company, Silk Labs, are launching a new device called Sense. Sense interacts with a home’s other connected devices and, according to the product’s Kickstarter description:

[It] has the ability to act based on you and your family’s needs, helping you live your life by making the devices around you more responsive. Lights can turn on when you need them… Music that you like will play… Sense can adjust the thermostat … Sense can do all of this automatically because it knows your preferences and routines.

Silk Labs takes security “more than ‘seriously’”. This claim is not surprising, since Mozilla is best known for its Firefox web browser. Firefox was the first browser to seriously challenge Microsoft’s Internet Explorer by offering a safer and faster option to the then-dominant Explorer.

As part of Sense’s security features, it offers end-to-end encryption. This means the information gathered by Sense is encrypted on the device. It also uses “Bluetooth LE to securely exchange secret keys” between the device and a consumer’s smartphone. This means that “No one – not [Silk Labs], not a hacker, not the NSA – no one but you can access your family’s private moments.”

The Internet of Things is an exciting place. It will change our lives. As innovators realize the threats posed by bad actors, and try to remain one step ahead of them, the innovators will design connected devices with security in mind. Consumers will recognize the manufacturers offering subpar security, and avoid them. In other words, the free market will sort out security issues, weeding out innovators not properly focusing on security.

Crossposted at www.alec.org.

Jonathon Hauenschild is a legislative analyst at the American Legislative Exchange Council.