Last month, according to the Chicago Tribune, a Lake Barrington, Ill. couple overhead a male voice speaking to their seven-month-old baby through the baby monitor.
“Immediately I barge into the room because I’m like, ‘Oh my God, maybe someone got in there,’” Arjun Sud, 29, told the Tribune. “The moment I walk in, it’s quiet.”
He also noticed their Nest thermostat had been cranked up to 90 degrees and when he took his child and left the room the voice followed, now yelling at them from the downstairs Nest security camera, using vulgar words.
As Sud fixed his gaze on the camera, the voice demanded to know: “Why are you looking at me? I see you watching me.”
Their devices had been hacked, giving the hacker almost omnipotent control. He could watch, listen, talk, and change the temperature via devices on the network. Nest is owned by Google, and later, Google’s response to users would be that Nest itself wasn’t breached. The company did, however, encourage users to choose stronger passwords.
“For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands,” the company said in an email to Nest security camera owners, according to multiple reports. “From there, people with access to your credentials can cause the kind of issues we’ve seen recently.”
This is just one example of the dangers that occur as the Internet of Things expands and security concerns around it multiply. You’ve probably heard of most of the devices that make up the IoT. If you have an Amazon Echo in your house or a smart fridge, then you’re connected to the IoT. There’s also Nest, which offers smart thermostats, indoor and outdoor security cameras, and a variety of other products. Certainly, user error or lax security can be an exploited, but the fundamental structure of the IoT leaves it vulnerable to bad actors; devices today communicate through cloud servers, even if they are only a room, or few feet, apart.
IoT objects contain sensors, processors, and other technology that allows these devices to interact with other devices on a network. If you think about your computer connecting to your wireless printer, that might not be surprising. But if you think about how you can control your thermostat from your car, have your fridge tell you what you’re low on, and talk to your Echo to place an order paper towels—all in the span of a minute—then you start to see the layers upon layers of information that is being shared across a network. Those layers of connection and multitudes of devices connected to the internet create myriad vulnerabilities.
Blockchain could help address IoT’s security issues while opening up new business models, like dynamic product leasing and self-sovereign identity services, say experts. “Blockchain technology is the missing link to settle scalability, privacy, and reliability concerns in the Internet of Things,” writes Ahmed Banafa, an engineering professor at San Jose State University in an email. “Blockchain technology can be used in tracking billions of connected devices, enable the processing of transactions and coordination between devices; and allow for significant savings to IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on and the cryptographic algorithms used by blockchains would make consumer data more private.”
The IoT is growing rapidly. According to Statista, a provider of consumer and marketing data, the number of IoT devices is expected to increase to nearly 31 billion worldwide by 2020, with the market for such devices projected to be more than $1 billion annually in coming years.
Enterprise companies, or companies mostly focused on businesses, have already bought into blockchain on the IoT, and are investing in areas such as supply chain tracking and transparency. For these companies, it’s about securing data and also ensuring that the products and services they support are accurate, efficient, and accountable. If a company’s supply chain breaks down, or delivers a final product that is faulty, that impacts the company financially. But if your Amazon Echo sends a recording of you talking with someone to a random person in your contacts, there isn’t the same direct financial blowback. That doesn’t mean it’s any less important though. In fact, it might be more. Enterprise companies are already using blockchain to address the vulnerabilities we are seeing in consumer IoT. Their practices can give us an idea of what’s possible for consumer tech, and what is already being used in the real world.
Filament is a Nevada-based company focused on providing enterprise blockchain solutions to companies, allowing the transfer of immutable data between machines and distributed ledgers. CEO Allison Clift-Jennings compares what the company is working to accomplish with blockchain to what people were doing with the internet in the early aughts. Though it was initially used for researchers to communicate, eventually it came to include everything from banking to e-commerce and social media, which few foresaw during those early days.
“This global network called the internet, which seems pedestrian, mundane, and obvious today, was absolutely revolutionary and it’s not very old,” says Clift-Jennings. “It seemed revolutionary sending data through the air using radio, which we often take for granted. But it’s still pretty wild when you think about it, like black magic.”
With products like Blocklet, which is a blockchain hardware wallet for machines that provides a secure contract system and manages a cryptographic ledger from machine sensors, companies can build services or products on top of the system. Often, companies trying to track data across multiple vendors or departments involved in their own operations struggle with ensuring the data is accurate, trustworthy, and secure. Making sure that data, which often comes in different forms and doesn’t match, meets those requirements is a tall order for any company to address. Even more so when it’s done manually. But secure contracts on a blockchain, for example, makes this process easier, and automated. In essence, Blocklet enables a whole host of other possibilities for products that companies could offer.
“I foresee a possible future where we have more backlash against data leaks, basically, in the gathering of personal data to monetize it,” says Clift-Jennings, reflecting on why blockchain is a useful tool for the IoT. “It's going to become as unacceptable as pollution and other kinds of socially irresponsible global practices.”
For example, Clift-Jennings is interested in concepts like dynamic leasing, which blockchain enables. Dynamic leasing is the idea of only paying for what you actually use a car or truck for, and the wear and tear you put on it, rather than a flat fee no matter how little or how much you use your car, which is often the case when the only metric really used for pricing a lease agreement for a car today is the number of miles driven.
Another example is Walmart, which used blockchain to trace a package of mangos back to the farm where they were harvested. Using blockchain and IoT systems, the process took 2.2 seconds. Traditional methods of manual tracking would have taken almost seven days.
While Filament focuses on enterprise blockchain applications, Clift-Jennings says the consumer IoT market may end up being the most important. Consumers drive mass adoption and are the ones most deeply impacted at the end of the day. Even as the IoT creates more data, and therefore theoretically greater possibilities of data breaches, blockchain can hold this data in a secure, decentralized way that drastically reduces the chances of hacks or leaks, even as more data is created as the IoT grows. “I foresee a possible future where we have more backlash against data leaks, basically, in the gathering of personal data to monetize it,” says Clift-Jennings, reflecting on why blockchain is a useful tool for the IoT. “It’s going to become as unacceptable as pollution and other kinds of socially irresponsible global practices.”
Further integration of blockchain into the IoT of consumer electronics can help protect your data, if it’s cataloged and understood in real time, like all the factors dynamic leasing monitors when it comes to a car. For example, if a third party wants your data, systems can be set up, using blockchain, that allow you to make an informed choice about what you share. Not only this, but further blockchain integration could also give companies alternative options for revenue streams (like dynamic leasing, for example), that might push them to not rely so heavily on selling your personal data to push make money.
“For example, I don't necessarily need to share my exact salary,” says Gunther. “I just need to prove that I made more than, say, $25,000 a year to get some certain telephone plan. Or the other classic example is, I can prove my age without exposing my birthday.”
Adam Gunther, who works on blockchain technology at IBM, believes that blockchain will be key to proving identity, limiting how information proliferates, and making technology more secure. With current technologies “there’s always still some central point of trust or central root of authority that can be compromised, and the whole system becomes insecure,” says Gunther. “That’s where blockchain is that missing ingredient to solve the problem.”
In speaking about his work at IBM focusing on identity verification, Gunther raises the prospect of combining public keys with other private key encryption, including potentially biometrics (depending on the use case), with the end result being an exponentially more secure system than what we have today.
He likens integrating blockchain further into the consumer IoT to someone going to a cell phone store to get a new phone or plan. The store might want to do a credit check, or get information from your bank, but they won’t do that without you knowing. Your bank will come to you and ask permission to share certain information with this telco provider for the purposes of giving you a new phone and then you have to give permission.
Blockchain technology allows for further control about how much information is shared. “For example, I don’t necessarily need to share my exact salary,” says Gunther. “I just need to prove that I made more than, say, $25,000 a year to get some certain telephone plan. Or the other classic example is, I can prove my age without exposing my birthday.”
The end result is that less of your personal information is exposed to companies who are shipping IoT devices, as well as less vulnerable to hacks of those companies, where data is currently centralized. Remember what Google told Nest users? They reminded people that “if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently.” But the fundamental issue there is that your information, and thousands of other people’s, is controlled by one shopping site, like Amazon.
The implementation of blockchain into consumer IoT has been somewhat slow to catch on, as both fields are developing quickly, but only within certain circles of the population. Volareo, which bills itself as a privacy-oriented and decentralized smart speaker, has slowed down its development as it discovered it was ahead of the market curve. But the company plans to use technologies like blockchain and ERC-20-based smart contracts in conjunction with traditional technology like Wifi and bluetooth to develop a more transparent and secure model of a smart speaker. Snips, a company that has made voice assistant technology that is private and decentralized, is also pushing a DIY smart speaker across the line, which uses blockchain to emphasize security and privacy.
Companies should also see the benefit of creating more decentralized networks when it comes to IoT, says Gunther. Businesses don’t actually need a lot of the information we give them. For example, they may need or want your age, but probably don’t need your birthday, which can be used to commit fraud if it’s stolen. And if companies who acquire all this data get hacked or the data gets stolen, then the public backlash against them poses a number of challenges. Facebook is a good example of the consequences of such blowback. According to Honest Data, a market research firm, 32 percent of Americans believe Facebook is having a “negative impact on society”, the highest percentage of any tech company.
Incorporating blockchain fully into a rapidly proliferating IoT certainly isn’t without its challenges, such as scalability, processing power and time, and storage, says Banafa. Data security and blockchains can be hard to conceptualize when it comes to the IoT. But imagine the totality of your data as a puzzle that comes together to show, well, you. Each piece of the puzzle is made up of pieces of data you’ve unknowingly given up, being stored in a bank vault. Sure, it’s secure enough, and such a vault could give you peace of mind, but the reality is that if someone does break in, they get it all. Further integrating blockchain into consumer IoT would effectively be like breaking up that puzzle into thousands of pieces, and placing each piece under lock and key in separate vaults. It’s not impossible to take and reconstruct, but the challenge is much more difficult.
The tools are here to create a more privacy-oriented, secure, and intentional network that could underpin the IoT as it grows; it’s just a matter of envisioning a future with different values than we have today. “In an IoT network, the blockchain can keep an immutable record of the history of smart devices. This feature enables the autonomous functioning of smart devices without the need for centralized authority,” says Banafa. “As a result, the blockchain opens the door to a series of IoT scenarios that were remarkably difficult, or even impossible to implement without it.”