[THE] INTERNET OF THINGS (“IoT”): [When I wrote this definition two years ago, no one had heard about this. Now, it’s the “next big thing,” responsible for driving the move to from “4G” to “5G”]
WHAT IS IT? A term describing the interconnectivity between everyday objects (not just hardware appliances, but also living organisms like your pet or yourself) through embedded sensors (a/k/a “MEMS”), turning them into “smart objects” which collect and send data (usually over the Internet) to the users of those devices, often through their cell phones or computers which are connected to a home or office Wi-Fi router or wireless smart appliance hubs (like those from Samsung and others or the upcoming Google Home). Most of these MEMS are so small that they can be embedded into anything, including appliances, clothing, glasses, even people and pets. And there are even slightly smaller systems called nanoelectromechanical systems which are even better suited to embedding in devices and people, as they take up billionths of an inch.
HOW DOES IT WORK? The MEMS report back data for various uses, from remote control to data analysis. The software to do this usually comes free with the device and usually happens automatically without any user input. The required software may be free, but the hardware configured to use with that app, like special light bulbs or appliances, isn’t. Using this reported data, users can then decide how to control the devices, often remotely. Sometimes they pre-program the devices (using ASICs) to make choices based on the data without even reporting it. [This, as opposed to the Internet, which primarily connects people, and not inanimate objects.] That analysis yields benefits in the areas of such things as resource monitoring, usage pattern tracking and just-in-time deliveries of goods and services. This notion of multiple purposes as a conduit for combining and collecting digital activities is central to this theme.
EXAMPLES: For example, cars can communicate with owners or insurance companies about driving patterns or predicted or actual traffic violations; medical devices such as the Withings blood pressure monitor or the Agamatrix glucose monitor can communicate with hospitals or doctors, analyzing patient history and preventing possible medical mishaps; agricultural companies are monitoring crops to distribute resources such as pesticides, fertilizers and water economically; pool pumps can be monitored by your pool service company, utility companies can monitor energy through smart meters (see NILM), gas and water consumption; local governments manage traffic, parking, improve waste management, control street lamps and monitor cellphone tower radiation; hospitals can monitor everything from anesthesia in operating rooms to secure tracking of medications and supplies from inventory; thermostats (like the Nest, founded by Tony Fadell [a former Apple exec] which combines sensors, machine learning and web technology, purchased by Google in 2013 for $3.2 billion), which can be remotely controlled and change their own settings based upon ambient conditions; Nest makes audio/video wireless security cameras as well; centralized, remote home audio and video entertainment from Plex, and multi-room audio from Sonos; the Lixil toilet; SimpliSafe home security system; the Beam Brush tooth brush, recording the amount of time spent brushing; the Lynx Concept Grill, which is voice-activated and automatically cooks foods based on user commands and programmed recipes; the CARCHET Wireless Tire Pressure Monitoring System, the Rachio Iro sprinkler controller system; lamps like LG’s OLED that let you control the brightness through apps, as well as light bulbs like the Philips Hue Tap, Philips Lux that can be remotely controlled, or AirBulb Color, which streams music from your smartphone, which then changes lighting colors to match the mood; the Yale Real Living Touchscreen Z-Wave Deadbolt, remotely programmable; CarLock, and of course OnStar, keeping track of your car’s location and other uses, refrigerators that can suggest replenishment of food based on its users’ historical purchasing and inventory. Also, prison doors, defibrillators (former VP Dick Cheney actually had the wireless connection in his disabled due to fears that a terrorist might use it to electrocute him), airplane engines. TVs, Microwaves, washers and dryers, cell phones, and other appliances can even suggest and implement optimal settings based on the owner’s input and or usage. In 2016, Samsung announced it’s new “family hub” refrigerator ($3300!!) that is equipped with cameras inside and a 21.5” monitor outside that not only shows the contents on the outside monitor but let’s you check the contents remotely via smartphone app, will let you know when you need to replenish certain foods, if they’re on sale, even order certain ones. You can also leave notes and messages on the screen for your family. Other devices have sensors that can monitor your pool water and chemical levels, your wine temperature and nitrogen level, when your barbque propane tank needs refilling and may even lead you to a parking space with an embedded sensor to direct you to your space or find your car if you forget where you parked. And never forget your wireless network printer, which has been known to create hacking opportunities as well. At the International Consumer Electronics Show in Las Vegas in 2015, LG unveiled a series of household appliances that can receive, interpret and send texts: a washing machine that, when asked, reports how much time is left in a cycle or even make a charitable donation (Whirlpool) and a refrigerator that alerts the owner when food is about to expire.
Of course, home security has always been there. IoT also includes RFID tags inside equipment, clothing or even humans, as well as wearable technology for many other monitoring purposes. And the concept of the smart house is expanding, not only from companies like BrightHouse, that market complete systems, but also the Belkin Maker Kit, which markets the WeMo line up for consumers with some abilities. It can be programmed to control motors, sprinkler systems, lights, etc. It will even come with an app to turn on and off a slow cooker crock pot. Many of these items are either available, or expected to be introduced soon. And the embedded sensors can alert you to water in your basement, overheating equipment and the like as well. Popular is the Ring doorbell appliance, which has a wide angle video camera and recorder, so that users can pretend they’re home when they’re not, know when a package arrives at their door, and provides other types of video security at a very low cost. On the business side, IoT includes such things as point-of-service terminals, ATMs, ruggedized handheld phones and tablets and medical equipment.
THE IoT SOFTWARE STACK: The basic “IoT stack” is composed of (1) a tracking technology such as bar codes, RFID and QR codes, sensors and other software (mostly open-source operating systems like Linux and Tizen) embedded in (2) a “transponder node” affixed to a physical object (anything from a truck to a bottle of pills) which uniquely identifies itself over the Internet, (3) allowing an inventory and location analysis, permitting both interaction and predictability to actively participate in endless possibilities. All this monitoring requires different types of devices with different energy consumption, sizes and capabilities, and the ability to manage massive amounts of data into a form that can be used to create useful wisdom, all in real time. Google is introducing its own operating system, Brillo, designed for developers of IoT software, combined with Weave, a communication protocol for IoT. And GE has developed Predix, it’s own internet industrial operating system. But remember, there are ownership issues which directly affect the consumer: You license the software, and don’t own it, so you are at the mercy of the big guys, who can make your device obsolete at the flick of their switch. For more, see BELOW.
The IoT has evolved from the early days of the Auto-ID Center (a non-profit collaboration of private and educational entities that created the original web structure that developed the basic tracking technology for RFID tags through their EPCs (electronic product codes)) to EPC Global, which took over in 2003 after Auto-ID shut down, and currently through various universities throughout the world. Also, the AllSeen Alliance has been created (see Associations), a non-profit organization devoted to the adoption of the IoT, makes sure that companies like Cisco, Sharp, Panasonic and others are manufacturing products compatible with a networked system which can interact with each other. In order for the IoT to become widely adopted, it must evolve from the current state, where most devices can only be networked with products from the same proprietary manufacturer, but not to the products of other companies. A universal “remote control” must be developed, crossing manufacturers’ product lines. Also, as with many other Internet devices, privacy and security issues, particularly for medical data, must be satisfied. In mid-2015, Microsoft announced that Windows 10 will be able to control IoT devices using the AllJoyn open source framework, developed by the AllSeen Alliance, discussed above.
It’s clear that the IoT is the “next big thing”. Over the past couple of years, companies have embarked on a gradual but massive adoption of IoT, investing in sensors to collect data and analysis of that data once transmitted. IoT will become a “multi-trillion” dollar industry by 2020, estimates PwC, which conducted a survey on the subject. In 2013, Gartner Research estimated that by 2020 over 30 billion devices will be connected to the IoT. Apple, Google and Microsoft have all started “accelerator” programs, betting on the smart home market (see below) doubling in the next five years. Microsoft has chosen startups, for example, which work with your electric meter, water heater, light switches, cameras and fire detectors, as well as analyzing foot traffic, temperature, humidity and appliance usage, all to reduce costs and maximize device usage.
SO WHY IS IT SUCH A BIG DEAL? As always, follow the money. As servers become faster and larger, and big data and analytics are capable of sorting, slicing and dicing that mountain of data into consumer profiles that can create advertising to target potential customers, sellers welcome the greater amount of data that can be collected, because they see that it relates directly to increased sales. So, while it may seem that companies are offering internet connected appliances as a convenience, don’t delude yourself - it’s all about money.
WHERE DID THE TERM COME FROM? The phrase itself is said to have been coined by technologist/writer Kevin Ashton in 1999 while working for Procter & Gamble. The IEEE (see Associations) is pushing P2413, which will build a framework for interoperability among connected devices and related applications in home automation, industrial systems, telematics and other sectors expected to use IoT. See Associations for the OIC, which will create standards for IoT.
HOME AUTOMATION: For how home automation works with various “controllers” see FAQ #80 for more. Companies like Apple (“HomeKit”) and Orange (“HomeLive”) each offer operating system frameworks on which software and hardware developers can build smart home systems. Companies like Smart Things can provide sensors (i.e. to detect open doors and windows) but, more important, “smart hubs” that aggregate the data collected by various sensors in a house to manage them all centrally.
The 2015 CES was dominated by smart home vendors and home technologies generated an estimated $1.9 billion in sales in 2014, up from $1.7 billion in 2013. People are looking at these devices to save money on utilities, manage their security when not home and simply make their lives easier.
IoT WILL CAUSE RELATED SYSTEMIC CHANGES: Of course, all of this interconnection will require changes in battery power and electric usage, so prepare for that. And, as important, changes to the Internet system as well. That’s one reason why we’ve gone from IPv4 to IPv6 addresses. The newer IPv6 addressing system uses 128 bits, which is in the octillions of addresses and will probably never be outused. Cloud storage and Big Data are becoming a cheap and fast way to crunch data, much faster than the old hardware servers. And Wi-Fi, particularly when coupled with GPS, make it much more practical to move data back and forth into the cloud. And pretty soon our cell phones will probably have more storage on them than most of the desktop and laptop computers we used only a few years ago.
This increase to some 200 billion “things” in the world (only about 20 billion are currently connected), is requiring bigger and more powerful data centers, which currently account for nearly 3% of the worlds consumption of power, up 100% over the past five years, according to Boston energy consultant Peter Kelly-Detwiler. In the U.S. alone, data centers accounted for about 91 billion kilowat hours of electrical demand in 2013, an amount equal to the output of some 34 power plants, twice the demand of all households in New York City. This is driving the big data center companies like Apple, Facebook and Google to build more data centers in countries like Denmark, Finland, Norway and Sweden, where the electrical grid is under less stress and where abundant renewable resources like hydropower make compliance easier.
BUT JUST NEVER FORGET THIS: If it’s connected to the Internet, it can be hacked. So much so, that some techs jokingly refer to the IoT as the “Internet of Targets”. There’s always that vulnerability, so you should protect yourself (for more see FAQ #67 and Security). And that includes such things as wearable computers, like Google Glass - type devices to fitness bracelets to Apple Watches, all of which work over the Internet as well. And those personal digital assistants (e.g. Echo, Siri, Cortana and others), which are “always on” devices are a double-edged sword - while they can manage family life as a combined kitchen helper, child entertainer, DJ, encyclopedia, travel agent, weatherman and the like (as touted by all those “mommy blogs”), they also may violate many child privacy laws (see COPPA in Laws, which protects the digital privacy of children under age 13) by collecting children’s data without explicit parental consent. And don’t forget law enforcement, click HERE for more. But much of the information collected through these PDAs as well as the data (photos and such) on the Internet have been posted by the parents themselves, arguably their own consent and responsibility. Obviously, this area of the law will be evolving for some time to come.
Real Examples of hacking: The 2013 IoT refrigerator/TV hack, click HERE. Then there’s the disgruntled ex-husband who took his revenge on his ex-wife and her live-in boyfriend by remotely messing with the Honeywell thermostat’s temperature settings. A 14 year old in Poland altering a TV remote in 2008 to control of trams in Lodz, Poland’s third largest city, derailing several trams and luckily causing minor injuries. Prison doors and other mechanical systems, shown to be vulnerable by Tiffany Rad, Teague Newman and John Strauchs in 2011. Samy Kamkar’s touting of his latest creation, “Skyjack” in as 2013 YouTube video, which he claims could build “an army of drones” capable of spotting and taking control of devices within their range. He also has released information about how to hack remote garage door openers. A hack in 2010 to the Texas Auto Center in Austin which caused horns to honk and identified owners as cartoon characters, caused by a dissatisfied 20 year old dealership employee. (Most of the examples above have been corrected through firmware updates, but they’ve actually happened). Your Nest thermostat is vulnerable, as are your remote door locks, baby monitors (Foscam), webcams (Trendnet), home automation systems (Insteon), toilets (Satis), TVs, light bulbs, computerized sniper rifles (no kidding), vacuums, lawn sprinklers and many other devices, unless router security is practiced. And the vulnerabilities reported in Christmas 2015 through the V-Tech and Hello Kitty kids internet-connected toys. And it’s getting worse: At the 2016 DEFCON, hackers found 47 new vulnerabilities in just 23 IoT devices.
Especially cars: In mid-2015, car manufacturers finally discovered that the wireless systems built in their “connected” cars, providing everything from phone, GPS, remote key systems, diagnostics, satellite radios, wireless tire-pressure monitors, dashboard internet links or road service via Bluetooth, telematics systems like OnStar and Hum and Wi-Fi, are so vulnerable (through what’s known as these “attack surfaces”) that hackers could take over the car’s steering, brakes, starter and other important systems, causing all kinds of havoc, through software exploitation. MEMs are contained in systems like tire pressure, corrosion and exhaust gas sensors, brake pressure, suspension, mass air flow and air conditioning sensors, silicon nozzle fuel injection sensors, accelerometers for airbag deployment and suspension control, GPS and inertial navigation system and the noise cancellation feature for internal microphones, just to name the most common ones. And they could activate the microphone to secretly record conversations (kind of like they discovered the LG TVs could in 2015). Those convenient key fobs, particularly the “always on” ones, can be tracked by determined (read: organized) hackers equipped with a $100 amplifier and easy to obtain software, taking control of your car and even driving it away, bypassing the supposedly complex algorithm that makes it safe. Kinda like the 1980s “phone phreaking” which defeated long distance by playing back recorded phone tones. While it’s also true that the embedded sensors and computers built into modern cars can prevent unsafe lane changes, assist in emergency braking, assist in parking and record video in the event of an accident for later retrieval, you may not consent to or want this type of surveillance. (Some claim that storing the fob in your freezer or microwave or wrapping it in tin foil will reduce the signal, but what’s the point in that?) Or hackers can deliver malware via a single strategically placed Wi-Fi beacon. Much of this is because the security built in to the systems is twenty years old. It is not current. The computer protocol that the various on-board car systems, which can be as many as 15-50, use to talk to each other is named “CAN,” which was created back in the 1980s to help mechanics diagnose problems.
So far the intrusions have been limited to relatively harmless horn honking, changing radio stations, refusal to start engines and misidentified owners (e.g. Mickey Mouse), but in 2015 it was publicly revealed that security researchers Charlie Miller and Chris Valasek demonstrated that they could easily hack a 2014 Jeep Cherokee while it was on the road, manipulating the car’s brakes and steering, without any special dealer-installed devices to ease the process (although, to be fair, they spent many hours, had prolonged access to the vehicle and possessed substantial technological knowledge to accomplish this). This resulted in an almost immediate recall of some 1.4 million U.S. vehicles by Fiat Chrysler, a trend that will surely snowball among car manufacturers until this type of vulnerability is repaired. Particularly vulnerable were the Jeeps, Dodges and Chryslers that use a proprietary wireless entertainment and navigation system called Uconnect. Luckily, because of the nature of car design, each hack is on a car-by-car basis and not by a group of cars, models or types (yet). But the vulnerability is present, so much so that in 2015 Senator Ed Markey (D-Mass) introduced a bill known as the “Spy Car Act” [Actually the Security and Privacy in Your Car Act] to lock hackers out of Wi-Fi connected cars by have auto manufacturers build in security into their connected cars. And on March 17, 2016, the FBI and DoT issued a joint public service announcement calling the public’s attention to the possibility of unauthorized hacking of auto computers. Because the DoT envisions a day when vehicle-to-vehicle communications will be standard on U.S. autos to avoid non-alcohol connected accidents, there has been an ongoing battle over the expansion of the 75megahertz range in the 5.9Ghz band reserved for this purpose.
Of course, there are other technological ways to hack or steal a car. The Relay Attack key fob surreptitiously captures a signal from another nearby key fob to use to gain illegal entry to the cars, and the Nat’l Insurance Crime Bureau has shown that in 19 of 35 tests, the device opened the subject vehicle and in 18 of those 19, actually started it.
On November 17, 2015, the Library of Congress issued exemptions to the digital Millennium Copyright Act (see Laws) to allow modification of automobile computers, as well as tablets, smart TVs and other IoT devices without fear of prosecution. The LOC 81 page article is titled “Exemption fo Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies”. In a 2016 report about “Vehicle Cybersecurity,” the U.S. GAO warned about possible cybersecurity threats, noting that, while no cyberattacks have yet caused any injuries, protection is in order. They note that “a modern luxury car could contain as much as 100 million lines of software code,” about 15 times more than a Boeing 787 Dreamliner. New features added to cars in just the past couple of years, like adaptive cruise control, collision prevention and lane-keep assist, which take control of the car over the driver, would be particularly susceptible to hacking.
But this isn’t, of course, just a car problem. And we know from experience (see the discussion about LoPht and the 404s in Hackers) that companies and politicians take their time solving these types of known security flaws unless the public continues to push them. If they aren’t corrected, there will certainly be damage, injuries, possibly deaths and, this being America, most definitely law suits. So lots of people, not just manufacturers abut also outsiders, are hustling to come up with security solutions. Meanwhile, it is up to users to use all available means to secure their Bluetooth, radio data systems, cellular and Wi-Fi systems and the like to the maximum extent possible. Or just stop using them. Keep all firmware updated. Use encryption features, if offered. Contact IoT manufacturers or check their web pages frequently for updates. Use the wireless router protections discussed in FAQ #67 and discussed in Security. Of course, before buying IoT appliances, determine how important security is to you and make the purchase decision ahead to time. And always be vigilant.
SECURITY vs. PRIVACY: As with many other previous computer technologies, there will always be a balance between between security and privacy. In the Are You Being Watched Page of this site, I review all of the various types of surveillance you are subject to, without any consent at all. Some of it is good (preventing robberies, helping hospital patients) and some of it is arguably evil (hacking, NSA surveillance). But it is inevitable that it will continue. So either join the crowd or don’t and, if you do, monitor how much data you’re putting out there.
OWNERSHIP: Last of all, there’s that tricky issue of ownership. That is, since the purveyors of the IoT products always own the software that controls them, do you really own anything at all? Columnist Glenn Reynolds described a homeowner, Arlo Gilbert, who purchased the Google Revolv, a home automation hub, to which he attached virtually everything in his house, garage door, lights, sprinkler system, A/C system, home alarm, motion sensors, all of it, then trashing his old analog switches. Then, on May 15, 2016, Google has announced that it will no longer support Revolv and will shut down the hub. It will not only not update the software, it will remove it, effectively “bricking” the device and making it absolutely useless. Gilbert’s house will stop working. And they can do this. The law allows this because, while you may own the hardware, others own the software, you only have a license to use it, not own it. This is no different than Amazon removing books from your e-reader (which has been done, click HERE), or companies purchasing custom software to which the developer retains the rights (see HERE), or even purchasing most off-the-shelf computer programs (read the fine print on your EULA). All of you only have a license to use the software to computers or devices, which often can be revoked at will. In a far-fetched example, designer Michael Burgstahler tweeted: “Google 2017: “We acquired this smart pacemaker company.’ Google 2020: ‘Sorry, we don’t support it any more, will shut down all old devices.” The Digital Millennium Copyright Act (see HERE) permits all this. Perhaps it’s time for some amendments to the laws to protect consumers.