Devil is the details: Dirty little secrets of the Internet of Things

11 Apr

Is harvesting your data and turning it into a new revenue stream the only sustainable business model for Internet of Things device makers?

internet of things control touch userCredit: Thinkstock

Where is IoT going in the long run?… To cash in on the treasure trove of “everything it knows about you,” data collected over the long term, at least it is according to a post on Medium about the “dirty little secret” of the Internet of Things.

A company can only sell so many devices, but still needs to make money, so the article suggests the “sinister” reason why companies “want to internet-connect your entire house” is to collect every little bit of data about you and turn it into profit. Although the post was likely inspired in part by the continued fallout of Nest’s decision to brick Revolv hubs, there could a IoT company eventually looking for a way to monetize on “if you listen to music while having sex.”

The post is by the same guy running the “Internet of Sh*t” Twitter account; he works as a developer for a software company in Europe. You’ve surely seen IoT gadgets that seem like a joke, that make you wonder why in the world anyone thought it was a good enough idea to make it. While not every product tweeted by Internet of Sh*t is a real thing, the tweets are funny and have the scary potential to be real. Here are a couple of my favorites:

A smart device which alerts you to water your plants could also be considered to now give your plants an attack vector. Another would be an IoT gadget in your “smart home” that could lead to in-app purchase blackmail such as the tweeted joke about paying to delete footage of something an app “saw.”

In-app purchase blackmail

On Medium, “Internet of Sh*t” explained that there are indeed plenty of IoT devices that you would use over the very long term such as “household appliances you won’t replace for a decade. We’re talking about a thermostat, fridge, washing machine, kettle, TV or light — long term, there’s just no other way to be sustainable for the creators of these devices.” Those devices present “delicious” opportunities “for bloated internet companies.”

“The problem with the Internet of Things is that the hardware is only one aspect,” he pointed out. “The makers need to keep servers running to support them, keep APIs up to date, keep security up to date and, well, pay employees.” Over time, those costs will be more than what you paid for the device so the “sustainable” model is to keep collecting every little piece of data about you and then finding a way to profit from it.

For example, he quoted Nest CEO Tony Fadell who previously said, “We’ll get more and more services revenue because the hardware sits on the wall for a decade.”

If Nest wanted to increase profits it could sell your home’s environment data to advertisers. Too cold? Amazon ads for blankets. Too hot? A banner ad for an air conditioner. Too humid? Dehumidifiers up in your Facebook.

Nest may not be doing that right now, but “the future of your most intimate data being sold to the highest bidder isn’t dystopian. It’s happening now.” One example included Bud Light’s “Bud-E Fridge” as the makers called real-time data about how much beer is stocked “a wealth of knowledge” that will pay off in a couple years even if the fridge doesn’t make a ton of money. Brands are going to look at the data collected by their IoT devices as a new source of revenue stream.

If you think it is unlikely that your IoT devices will start cashing in on data it collects about you, then you might also believe it is a conspiracy theory that apps which request permission to access your microphone are “listening in” to serve up relevant ads. In some cases, it might be a coincidence if you suddenly start seeing ads about a topic that you recently discussed, but not always.

For example, your phone can be “listening” for what you watch on TV. Last month the FTC sent a warning letter (pdf) to unnamed app developers using Silverpush code that “can monitor a device’s microphone to listen for audio signals that are embedded in television advertisements.” Basically the apps can secretly listen to everything that happens in the background; Forbes explained how Silverpush uses a unique inaudible sound in TV commercials that you might not notice, but an app on your phone could. Once it hears that sound, the app knows what you are watching.

It’s important to note that Silverpush claims ads in the USA are currently not using audio beacons, but the FTC still said app developers need to notify users why their apps ask to use a phone’s mic. The FTC’s letter adds that “nowhere do the apps in question provide notice that the app could monitor television-viewing habits, even if the app is not in use.”

For the curious, here’s a list of Android apps which use SilverPush.

While some privacy advocates may care, sadly there are a plethora of people who don’t know or care what their apps or IoT devices are monitoring and collecting. How else do you explain the success of major TV brand makers even after smart TVs were labeled the ‘perfect target’ for spying on you? Since then, smart TVs were caught “eavesdropping,” tracking viewing habits, or snarfing up personal files such as those connected via a USB.

The post on Medium advises you to ponder what data you are giving away, where does it go, and if you even own the IoT device at all before you buy smart devices. A differentpost on Medium by Stephanie Rieger advises you to consider similar topics before you rent a house or apartment that comes equipped with “smart” features.

“Rarely does this process currently involve discussions about hardware versions, operating systems, apps, firmware, connection ports (barring cable/TV/phone) and who has the right or indeed responsibility and sufficient access privileges to install updates, pay monthly or annual subscriptions, or introduce new software into the system,” Rieger wrote. Since some of those smart devices can be collecting your data, be vulnerable to attack, or end up costing you a subscription to a service you don’t even want, then those are important answers you should demand.

We should demand answers about our collected data from the makers of our IoT devices as well, but as Internet of Sh*t pointed out, “Nobody really knows the answer because they don’t want to tell you.” The manufacturers probably believe “it’s better if you don’t know.”

Source: http://www.networkworld.com/article/3054011/security/devil-is-the-details-dirty-little-secrets-of-the-internet-of-things.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: