If ten years ago some­body told you that a teenag­er out­side of your house could access your email, bank­ing, and even your per­son­al health infor­ma­tion, through flaws in your home­’s Internet-connected light­ing sys­tem you prob­a­bly think they were watch­ing too much sci­ence fic­tion. Unfortunately, this is becom­ing a real­i­ty in a world that’s increas­ing­ly pow­ered by con­nect­ed sen­sors. More specif­i­cal­ly, con­nect­ed sen­sors have three key prop­er­ties. First, they’re phys­i­cal objects like appli­ances. Second, they col­lect data from the envi­ron­ment around them. And third, they’re con­nect­ed to the Internet, so they can exchange infor­ma­tion with each oth­er, and oth­er systems.

So, these sen­sors have a wide range of capa­bil­i­ties. Some can see, or record video, oth­ers can mea­sure tem­per­a­ture or count the amount of par­ti­cles in the air. With con­nec­tiv­i­ty, they form a col­lec­tive that’s greater than the sum of their parts. So when peo­ple are talk­ing about the Internet of Things, they’re talk­ing about con­nect­ed sen­sors. And as we know, there’s a direct rela­tion­ship between our reliance on tech­nol­o­gy and the detri­ment that can hap­pen if things go wrong.

So for exam­ple, we all see the ben­e­fits of active safe­ty sys­tems in cars. In this pic­ture, we see an exam­ple of a car that avoids acci­dents by sens­ing the phys­i­cal envi­ron­ment around it and then wire­less­ly exchang­ing warn­ing mes­sages with oth­er near­by vehi­cles. But that same safe­ty tech­nol­o­gy, if attacked, can actu­al­ly allow you to immo­bi­lize a vehi­cle or even dis­able breaks while driving.

Image: ​“Hackers Remotely Kill a Jeep on the Highway—With Me in It” by Andy Greenberg

So, last year there was an exam­ple where two secu­ri­ty researchers showed how they are able to remote­ly access dash­board, steer­ing, trans­mis­sion, and even brakes of a car while it was dri­ving. Chrysler end­ed up hav­ing to issue a major recall which which cost them mil­lions of dol­lars. And these vul­ner­a­bil­i­ties affect even our most fun­da­men­tal infra­struc­ture, like the elec­tric grids that pow­er our cities and fuel our economies. And this ranges all the way from major cities to devel­op­ing nations. 

In this pho­to, we see an exam­ple of how con­nect­ed sen­sors can actu­al­ly help pro­vide elec­tric­i­ty in devel­op­ing regions of rur­al Haiti. So imag­ine if the elec­tric grid was attacked. Not only would we lose pow­er in our homes, but water treat­ment plants would stop func­tion­ing, oil refiner­ies would­n’t be able to pro­duce gaso­line, stock mar­kets would grind to a halt. Billions of dol­lars in damage.

These types of attacks are already at the fore­front of cybert­er­ror­ism. So the ques­tion that we need to ask is why is secur­ing con­nect­ed sen­sors any dif­fer­ent than secur­ing the com­put­ers that we already know and trust for things like online bank­ing and shop­ping? If we look back at his­tor­i­cal­ly how we deal with flaws in secu­ri­ty, we often rely on remote updates or patch­es to fix things after the fact.

Probably the best exam­ple would be your smart­phone. I’m sure at one point or anoth­er you’ve all updat­ed the soft­ware on your smart­phone. You do it because you think it makes your phone more secure. It’s a good idea. And in fact, your phone is con­stant­ly check­ing for these updates. But what about tiny sen­sor devices? How can we secure some­thing that may only have enough ener­gy to send a cou­ple of mes­sages per day?

Also, if you think…ten years in the future it’s esti­mat­ed there’ll be more than fifty dif­fer­ent con­nect­ed sens­ing devices per per­son. Who’s going to go around and update all of those dif­fer­ent sen­sors? What hap­pens if those updates fail? There a lot of soft­ware devel­op­ers that are afraid to put in live remote patch­ing for fears that that sys­tem in itself would actu­al­ly add secu­ri­ty vulnerabilities.

There’s also the con­spic­u­ous nature of these devices. They’re easy to steal because they sit out in the open. They’re hard­er to notice when they go miss­ing. They’re tricky to con­fig­ure, because often they don’t have key­boards or dis­plays. And if one of these devices gets infect­ed, it could spread through­out your entire house or your business.

And as is often the case with con­sumer appli­ances, the design­er of the next big thing, like this Internet-connected toast­er, is going to be rushed to ship units and meet dead­lines. They’re not going to stop to think about com­put­er secu­ri­ty. And even if they do, chances are they’re not going to be com­put­er secu­ri­ty experts. And what’s prob­a­bly most scary is even the very best com­put­er secu­ri­ty experts can’t make a sys­tem that’s secure for­ev­er. Every cou­ple of years we find flaws in our most deeply-rooted encryp­tion stan­dards. There was recent­ly one announced about Android, just a cou­ple days ago. There is in fact one axiom in com­put­er secu­ri­ty research that says there’s no such thing as a per­fect­ly secure com­put­ing system.

So at Carnegie Mellon University, we’ve been devel­op­ing and deploy­ing con­nect­ed sens­ing tech­nolo­gies for years. We’ve been trans­form­ing our cam­pus into a liv­ing lab­o­ra­to­ry so we can expe­ri­ence first-hand both the promise and the per­ils of con­nect­ed sens­ing tech­nolo­gies. So our goal is not only to improve their capa­bil­i­ties in terms of sens­ing and what they can do for us, but also increase our trust in the tech­nol­o­gy. We can see that there’s def­i­nite­ly ben­e­fit for con­nect­ed sen­sors to help stream­line our busi­ness­es, and improve our lives at home. But what we need to keep in mind is there’s also this bal­ance between risk and reward as we decide which devices should be con­nect­ed, and per­haps which should stay unplugged. 

So I’d like to leave off by ask­ing the ques­tion, do the ben­e­fits of con­nect­ed sen­sors out­weigh the risks, and where do we draw the line?