The Internet of Things, how secure is it? [interview]

Posted on: 10/05/2018 | By: DSS

“It doesn’t bear thinking about what would happen if hackers shut down sensor-controlled traffic lights”

We use a smart watch to monitor our health and turn up the heating using an app on our smartphone. This kind of convenience has been made possible by the Internet of Things, as it allows all kinds of devices to communicate with each other. But how do you prevent those devices from transferring our data to unknown destinations and how do we make sure safety and security are not compromised? SensorTeam’s tech specialist Gertjan de Vries has the answers to these questions.

Internet of Things (IoT), what exactly is it?

Gertjan de Vries: The Internet of Things is all about connecting devices to the internet, allowing smart communication between these devices, and enabling them to anticipate our needs.

Gertjan de Vries, co-owner SensorTeam BV

How rapidly is IoT developing?

Very rapidly. The arrival of new wireless network technologies such as LoRa and NB-IoT now makes it very easy for interconnected devices to communicate with each other. I expect the number of devices that are hooked up to the internet to grow enormously as a result. SensorTeam itself is focusing on smart city applications, using IoT technology to capture sound levels in urban areas in easy-to-grasp visuals. Sound monitoring data, in decibels, is sent over a LoRa network and can subsequently be tracked on a computer or smartphone in real time. And so, all kinds of new applications will emerge, such as fine particle monitoring and traffic monitoring near residential areas.”

What kinds of things is IoT used for?

There is a clear difference between devices and equipment used for industrial purposes and domestic devices and appliances. Due to the special properties of these networks, so-called “wired” systems in industrial environments are increasingly being replaced by wireless systems, simply because wireless networks are cheaper to set up and maintain and very well suited for the sending of small packages of data.

And such an IoT network can also reach every single nook and cranny in a building, offering far greater coverage than the cellular network. To control machines and transmit information collected by sensors, you do not need a lot of data, so the fact that a data package can only contain a small amount of data is in no way a restrictive factor. When it comes to domestic use, I think we are far off from using this kind of application with the current technologies.

When you connect your fridge to the internet via a LoRa or NB-IoT network, your local supermarket will be able to start doing business with your fridge directly. The fridge and the supermarket will then not depend on the WiFi network or router settings at home. After all, the home network is often a non-secure and unreliable link in the chain.”

The phenomenon of devices communicating with each other emerged in the late 20th century. In the 1980s, someone invented a toaster that could be switched on over the internet, while students connected a Coca-Cola vending machine to the internet to monitor the temperature and when the machine needed replenishing. The term Internet of Things was coined by British technology pioneer Kevin Ashton in 1999. He defined it as ‘things’ that communicate with each other using RFID chips. SOURCE: KPN’s ‘IoT  security’ white paper

What can the data collected be used for?

“I think we can’t even imagine at this point what the possibilities could be. This new technology produces huge volumes of monitoring data in a way that was not possible until recently. This data can give us new insights that can, for example, help us improve quality of life in urban areas.

How? SensorTeam’s technology provides a fine example of how this can be done. We already monitor sound levels at outdoor music festivals and at a youth hangout spot in Amstelveen. But there is a lot more interesting data that this monitoring technology can produce. To shield residents from excessive ambient noise, we are working on monitoring technology that will intervene and issue alerts based on the data collected. The authorities can then quickly take action to protect local residents.

Prolonged exposure to noise is bad for our health and can cause a lot of stress. Noisy neighbors, thundering trains, roaring aircraft, and cars all around us are having a highly negative impact on our well-being. SensorTeam helps authorities identify where noise is produced in their local area and when.” (Interview continues under the photo.)

Gertjan de Vries at CUE2019

Are there any risks attached to the Internet of Things?

Of course there are. Whenever large volumes of data are processed, there are risks. Especially when automated processes arise that respond to the data. Applications such as our sound sensor are developed with the best of intentions. And the systems that are currently being developed are essentially still fairly simple and easy to manage. But as soon as different systems start to collaborate, the new whole ceases to be easy to manage. Vulnerabilities in these interconnected systems are no longer identified as quickly and they are increasingly interesting to hackers. Hackers will then exploit these vulnerabilities, often for dubious purposes.

Besides the risk of data from IoT sensors being intercepted and used improperly, there is a risk that is perhaps even more impactful, the risk of not being able to guarantee where the data came from. Imagine that data from our sound sensor, which is currently “merely” shown on an online dashboard, were to be intercepted and misused by systems that respond to monitoring data. A hacker would then be able to control the system, provided he or she manages to pose as a SensorTeam sensor. Sensor data encryption and authenticity verification are two things that we have to get right to prevent problems in the future.

In my opinion, we need clear guidelines on a European level. We are now seeing that companies and parties that are pioneering this development don’t know how to handle this. Luckily, we have got this under control. Data from the SensorTeam sensor is fully encrypted, from the moment it is collected right through to when it is saved to the cloud. The cloud services processing the data are also actively secured.”

IoT is making cities smarter. Are there any downsides to smart cities?

Data is the foundation of any smart city. But as soon as data is transferred using devices, people have less control over it. On the one hand, this is a positive, as it allows a lot of processes in a smart city to be automated and streamlined. And it makes them faster as well. One example is a parking space notification on your phone as you enter one of those smart cities. Very convenient for you and good for the environment as well, as you won’t have to drive around looking for somewhere to park. On the other hand, however, smart cities are exposed to the risk of hackers breaking into their systems to manipulate or disable them. It doesn’t bear thinking about what would happen if hackers shut down sensor-controlled traffic lights.”

Whose job is it to secure the data?

Companies that develop IoT solutions and provide IoT services, such as SensorTeam, have, as far as I’m concerned, primary responsibility for securing the data. The government will also have to issue guidelines, which they are actually already doing. In 2018, the Dutch government imposed a range of measures [page is in Dutch] to boost the security of the Internet of Things. These guidelines include standards and certifications for IoT devices, while they are also intended to purge users’ compromised devices. And we need to raise security awareness among the general public. Parties such as KPN are already working on that.”

What can we do personally to secure our data?

Data on devices you use in your personal environment is easier to secure than any data you share with, for example, a smart city. The Open Web Application Security Project (OWASP) [page is in Dutch] offers extensive advice for personal digital security. The main pieces of advice are the following:

  • Use a strong password made up of symbols, uppercase and lowercase letters, and numbers. And change your password on a regular basis, such as every three months
  • Always update your system to the latest version
  • Never save privacy-sensitive data when it is not necessary
  • Protect your IoT device against malware by using detection systems

Make sure you read all the advice and learn about this new world. It is already here, and it will only grow. For further information on IoT security, check out KPN’s white paper [page is in Dutch]. It goes into IoT security in great detail, providing lots of highly useful information for companies and authorities.”

    Your Cart
    Your cart is emptyReturn to Shop