Consider these scenarios…
A kidnapper takes remote control of the self-driving car that just picked your CEO at her hotel. The car is now driving her to a remote location where the criminals will meet her.
Your new smart home controller (think Amazon Echo, Google Home, Apple HomePod) has been hacked, and is now always listening to anything said within range of the microphone.
A terrorist group takes wireless control of several connected cars on major freeways and cause major pileups that kill or injure over 500 people.
A hacker sends a wireless command to the cardio-verter defibrillator implanted in a politician’s chest, causing the device to send a jolt of 750 volts to the politician’s heart.
A drone with a mounted silenced weapon assassinates the president of a country.
Your daughter received a “talking” teddy bear for her birthday. You don’t realize that the voice now talking to her is the convicted sex offender who lives several houses away.
All of the above examples are possible today, or will be in the near future.
Introduction
Welcome to the Internet of Things (IoT), an exploding technology where almost anything is or will be connected to the Internet.
Lots of these items have cameras, microphones or sensors that track data about a user or any other person in range.
Many of the devices are “smart”, which means they have some type of built-in data processing capability.
Some can talk to other connected devices, and almost all of them will be communicating data to at least one cloud-based server (if not more).
Voice-aware personal and home assistants can already act on your voice commands to do everything from play music to make bank transfers, and are being given more capabilities daily.
Self-driving cars that will be able to talk to each other and also to a central traffic control server will arrive within a few years.
Many medical devices are already connected in healthcare provider offices and hospitals, and new medical implants will monitor your vital signs and any other body or brain function (while communicating this data wirelessly to a connected mobile device and/or to a cloud server).
We now have smart homes, offices and even smart cities, where technology is becoming even more intelligent and interconnected.
Lots of devices that you might not think about are now being made with network connectivity (these are all real products):
- Clothing
- Light bulbs
- Smoke alarms
- Thermostats
- Fitness trackers
- Kitchen appliances
- Industrial sensors
- Toys
- Trash cans
- Hairbrushes
- Luggage
- Forks
- Whiskey decanters
- Mirrors
- Cardiac pacemakers and defibrillators
Now combine these billions of new devices with an exploding number of satellite, drone, and surveillance cameras, microphones, and biometric and facial recognition technology. Can you imagine the possible new types of data these IoT devices could produce for investigators…or criminals?
How big can it be?
Many people don’t realize how the number of connected devices will explode in the coming years.
The estimated number of devices connected to the Internet today is over 10 billion, which is already greater than the population of the earth.
The Gartner Group projects that by 2020 the number of connected devices could double to over 20 billion.
One company predicts that Internet of Things devices will generate over 600 zettabytes of data by 2020.
Now to put that in perspective, one zettabyte of data storage is the equivalent of:
- 34 trillion 3-minute digital songs
- 250 billion DVDs, or
- 36,000 years of high-definition videos.
The Information Security Institute estimates that there will soon be over 100 devices that contain Wi-Fi chips in every home.
John Chambers, former CEO of Cisco Systems, predicted that the impact of the Internet of Things could be 5 – 10 times greater than the impact of the Internet itself.
How IoT will change your life
The Internet of Things technology will give us fantastic benefits that aren’t even possible today.
You won’t use a keyboard to interact with the network anymore. Devices will either be voice-activated, or capable of direct communication via a brain computer interface (BCI).
Yes, this means that the network will be able to know and react to your thoughts.
With so much data being collected about you, the network will know everything about your financial transactions, your health and medical history, and your food and drink preferences. It will also know everywhere you go and most of what you do throughout the day.
Medical IoT devices and new implants will provide continuous monitoring and personalized medical treatments that aren’t possible today. Imagine a medical implant that can monitor your blood chemistry and glucose levels, and can administer only the amount of medication needed at that precise moment.
Your medical insurance rates will adjust automatically throughout the day depending on your behavior. On days when you exercise, get plenty of sleep, and eat well, your premiums go down. If you overeat, drink too much, and experience high stress, the premiums increase.
Holographic and virtual reality technologies will give you the capability of appearing to be anywhere you want to be in the real or virtual worlds, and developing “haptic” technologies will allow you to see, touch, hear and smell the environment where your representative avatar is.
All this technology will lead to increased productivity and convenience. The network will be able to anticipate your needs and desires. Facial and biometric recognition will provide you with personalized experiences and services that you can’t even imagine.
Robotics technology (of course they will also be wirelessly connected) will create entirely new possibilities in multiple industries. For example, in the service industry robots have already replaced human employees to check in guests at hotels, deliver room service, and help to care for elderly or disabled patients.
The possibilities seem endless to improve our lives and increase efficiency.
Unintended side effects?
But what unintended consequences could this technology cause?
First of all, can you imagine the impact it will have on your personal privacy?
If the exploding number of IoT devices are always watching and listening, will privacy still be possible?
What impact could this have on our world, if a person can no longer do anything, say anything, or think anything without that data being collected and analyzed?
Would this change your behavior?
Surveillance is the business model of the Internet.
You are the product.
And with the Internet of Things, this will be even more certain.
Many governments and companies already collect massive amounts of data about all of us. But with the IoT, the volume of collected data will skyrocket.
But there will be some logistical problems with accumulating this quantity of data.
- How much will it cost to develop the data storage to hold it all?
- Where will the data be stored (which may be impacted by existing or future privacy laws that differ from country to country)?
- Will we need new international laws related to IoT technology?
- How will investigators know which company has collected what data, and how to obtain it?
- If every IoT device collects data in a different format, how will an investigator be able to combine all the data related to an investigation to provide useful information?
- As with most mass surveillance or data collection, the size of the data makes it more difficult to extract useful information and interpret it.
Consider the analogy of finding a needle in a haystack. If the haystack you are searching suddenly doubles in size, how much longer will it take for you to find the needle?
What if it grows by one hundred times?
Remember, the success of almost all investigations relies on either time or money.
If the technology makes it harder for investigators to find relevant data, will IoT help you be successful, or will the sheer volume of data overwhelm you and keep you from finding the evidence you need?
What about security?
What about the security of Internet of Things devices?
Right now, security doesn’t seem to be a priority for companies manufacturing these devices.
There are few, if any, laws of regulations addressing the security of IoT devices.
Most devices have no security at all, and many don’t have the capability for the device’s firmware or software to be updated.
If a security flaw in one of these devices is discovered, your only option may be to destroy the device and get a new one that “might” have been updated to eliminate the flaw.
But what are your options when a different defect is found?
Most IoT devices communicate wirelessly, but very few of them currently use encryption to protect the data.
If any wireless signal is not secured, it can potentially be intercepted.
This could give anyone access to the data being transmitted by the IoT device.
Unsecured IoT devices communicating via Wi-Fi or Bluetooth signals on your home or office network could also give a criminal access to your network.
And access to the data stored on every device connected to the network.
For example, many smart televisions have microphones and cameras.
Some smart televisions even create their own Wi-Fi hotspot, and with no security.
A hacker who could intercept this Wi-Fi signal might be able to see or hear anything within range of the camera and microphone.
If the television is connected to your home of office Wi-Fi, the attacker could potentially gain access to your network.
In one study by Hewlett Packard, 70% of IoT devices analyzed were vulnerable, and each device contained an average of 25 security flaws.
A Symantec study of health/fitness tracking apps showed the average device sent the collected data to between 5 and 14 different Internet domains.
According to a recent survey of IT professionals on the ISACA IT Risk/Reward Barometer, three-quarters of the respondents believed that a security breach caused by an insecure IoT device is likely.
Almost every IoT device that has been tested by security researchers has been successfully hacked.
Connected cars, medical devices in hospitals, implantable cardioverter-defibrillators (and pacemakers) have been hacked.
Video conferencing systems, wireless copiers and printers, and other office devices have been remotely accessed.
Kitchen appliances, connected thermostats, and wireless home security systems have been hacked.
Could the IoT fundamentally change crime and investigations?
This may seem to be a strange question, but consider the following:
- We already have a staggering number of surface, satellite, mobile device, and drone cameras that will only continue to grow.
- Add a dramatic expansion of facial and biometric recognition with much better quality than we have today.
- All the devices that operate via voice control will always be listening and will alter behavior, even behind closed doors.
- IoT devices will mostly communicate via wireless protocols, many of which have already been hacked.
- Self-driving and fully autonomous vehicles will provide much more information about individual movements than has ever existed.
Since new IoT vehicles will have cameras and biometric recognition, and will be tracked with GPS, will auto theft and hijacking go away? Or will we have new types of high-tech thefts when the technology is hacked?
Does IoT technology have the potential to reduce person-on-person violent crime?
Could medical implants that constantly monitor blood components help to reduce illegal drug use?
We may have new risks when facial recognition or other biometric data is stolen.
- If a criminal steals an identity or financial records, the victim can probably recover by creating new accounts, obtain new identification, and eventually resolve any fraud that was committed.
- But if a crook steals biometric data, that can’t be recovered or replaced.
We may even see new types of crime created by these technologies that never existed before.
The Internet of Things may also change how we investigate crime.
We will need new types of investigative and forensic specialists who will have the knowledge and expertise to deal with this technology.
We might need to re-think how we organize law enforcement agencies and private investigations firms.
The old models where an agency or company has all the expertise needed “in house” may no longer be possible.
Teams of investigative specialists may be needed for each criminal case or civil engagement.
Sophisticated artificial intelligence capable of reviewing the massive amount of video and other data that will be collected from millions of sources might be required.
Conclusions
Are you sure that the Internet of Things will create more benefits than risks?
Even if the technology benefits outweigh the risks, are you ready to deal with the security and investigative challenges that will come with it?
We can help you understand some of the risks from your smart homes and mobile devices, and hopefully help you improve your security.
In our Free Content Library you can find our “Smart Home and Mobile Device Security Checklist.”
This checklist doesn’t address all of the issues we’ll face with the Internet of Things, but at least it might give you a good place to start.
Click here for a larger version of the image
