Just because you can put the Internet into something, should you?
Denver-area technologists tackled that question Wednesday at the launch of an Internet of Things community called Tech rIoT. On many minds was how hackers gained control of a Chrysler Jeep and slowed it to a crawl on the highway.
“When is it right to integrate systems, and when is it wrong?” one man asked the packed room at the Wildlife Experience in Parker.
Market researcher Gartner Inc. projects that the number of connected devices will quintuple from 4.9 billion this year to 25 billion in five years. Much of the new stuff will come from startups, according to Pete Basiliere, a Gartner research director.
Security for devices that connect to the Internet is all over the place — and not always used. Alarming tales of hacked IoT devices range from baby monitors and home automation systems to medical devices, public utilities and automobiles.
The philosophy of IoT security — what should be connected, what data should be collected and what is the right thing to do — is not often publicly discussed.
“Like a lot of technology when it’s first being created, there’s a lot of hype on how it’s going to be commercialized. And often, the morality question comes too long after,” said Josh Oakhurst, chief strategy officer for Skookum Digital Works.
“It’s good that people are finally starting to see that this Internet of Things is real and we should think about what should be connected, what data should be transmitted from our daily lives,” he said.
With the world’s eye on security, there are plenty of ways to secure IoT devices: hardware and encrypted chips, requiring two-factor authentication, and efforts like the FIDO Alliance, which is developing standards to reduce the reliance on passwords.
Apple Pay in iPhones, for example, encrypts a number linked to a credit card in the phone’s hardware. Combined with a transaction-specific security code, purchases are made without sharing the credit card number with merchants.
In research reported in the media this week, hackers of the Chrysler Jeep found a hole in the vehicle’s Uconnect system, which lets owners use a smartphone to start the engine, lock the vehicle and track its location. The hackers, who invited a Wired writer to drive the Jeep, spent a year doing car-hacking research on the vehicle.
“I wouldn’t say Chrysler was irresponsible. I think it’s more of a matter of technology moving faster than what we’re ready for,” said Jeff Miles, vice president of business development for NXP Semiconductors.
“Just like on my rental car. If I don’t delete everything, all my contact information is in there. It’s things like that,” Miles said. “Nobody designed a Bluetooth connection thinking that Hertz and all of us would be connecting our iPhone and all of our data. It’s a privacy and security issue. But it’s fixable.”
With the next big Internet device potentially coming from Colorado, TechrIoT organizers launched their group to offer expertise, collaboration and a community.
A key supporter is Colorado’s largest Fortune 500 firm, Arrow Electronics, which is working with Innovation Pavilion in Centennial. With access to sensors, chips and other IoT hardware, Arrow wants to be part of the revolution.
“Plan to put security in at the front,” said Joseph Zaloker, Arrow’s director of technical marketing. “Most customers wrestle with the ROI (return on investment) because (they ask) do I really need it? Well, what’s the cost in terms of brand corrosion. … Look at Target, such a big deal. Look at the monetary loss they had at Christmas and what they lost. A lot of people lost their jobs. I don’t know if they ever got the confidence back from their customers.”
The problem with devices that can go online is not just about security, but privacy. Devices collect personal data. Wearable technology, like Fitbit fitness bands, tracks a person’s physical activity. Recently, Fitbit data showed up in court to help an injured personal trainer show she is less active.
It could also go the other way.
“There’s a lot of (data) that has no need to be in the cloud,” Oakhurst said. “Is there any reason (data on) our phones, our pacemakers or something in my pocket needs to talk to something? When you start presenting it that way, the answer is no.”
Tamara Chuang: 303-954-1209, tchuang@denverpost.com or twitter.com/Gadgetress
