The Internet of Things (IoT) has become one of the main emerging trends in the tech world with a vast number of followers. The huge number of IoT users can be attributed to the several benefits introduced by the IoT paradigm as it has changed the way users carry out their daily tasks, potentially changing the world. Who wouldn’t want a smart house, a smart vehicle or smart appliances that can do all the thinking for their users and automate their boring and time-consuming tasks? With this in mind, leading tech companies have forecast a colossal growth in devices connected to the IoT market. Gartner predicts that 20.8 billion devices will be connected in the IoT market by 2020, with an annual revenue for IoT vendors that could exceed $470 billion, according to Bain & Company (Louis Columbus, ‘Roundup Of Internet Of Things Forecasts And Market Estimates’, Forbes, 27 November 2016).
Although IoT can be perceived by the public as a blessing in disguise, pitfalls exist which can eventually turn it into a curse. By connecting personal devices to the internet it enables lone hackers, government agencies and companies to invade the privacy of users (unwanted public profiling), or even harm them physically. An example illustrating the extent to which malicious attackers can harm IoT devices and their users can be found in the work of Charlie Miller and Chris Valasek’s remote car hack (Andy Greenberg, ‘Hackers remotely kill a Jeep on the highway – with me in it’, WIRED, 21 July 2015), where they exploited a zero-day vulnerability that led to the wireless control (e.g. kill the engine of a car) of a Jeep Cherokee vehicle via a laptop located 10 miles away from the moving hijacked car.
The plethora of vulnerabilities in existence along with the emerging state-of-the-art hacking techniques released, almost daily, makes securing these devices a near impossible task. Due to the cat and mouse nature of security, software engineers are not able to warrant the security of their systems when released for commercial usage. At best, security engineers have been leveraging machine learning techniques to predict possible threats that their solutions may face at runtime and to proactively secure them. However, it is still impossible to identify all the possible threats that a system may be exposed to in the long run.
A pressing matter that users should address is the extent to which they need to automate certain aspects of their life and whether they are willing to put their privacy, security and well-being in the hands of technological evolution. The average user lacks the technological maturity and knowledge to comprehend the pitfalls and threats arising from the usage of the IoT which can make it difficult to determine the optimal balance between their privacy/security and the use of IoT solutions. There is both a lack and a pressing need for educating users at large concerning the disadvantages that can emerge from the usage of the IoT market. Users need to make knowledgeable, fine-grained decisions, both concerning the devices they connect to the internet and the extent they make use of them.