In my opinion the current applications that we have in today's industry shows that IoT concept is valid and reliable. Even though the term "Internet of Things" was coined in 1999, the idea dates back to older times. Ambient Intelligence and Pervasive or Ubiquitous Computing also refer to similar concepts.

Dear Zakariya,

The Internet of Things is still very much an "unregulated space". Add to that, the general lack of realization that often components with have limited or no real security. On top of that, many users fail to grasp the significance of this from a security and privacy perspective, and you have a recipe for disaster. Equally, very few users actively monitor what is happening with their systems, and many fail to ensure the proper maintenance of a full forensic trail. Another shortcoming is the propensity to assume that their personal, or corporate, firewall will shield them from attack. The short answer to that is no it won't.

So, with no current security standards for IoT, no specific regulations, limited understanding of security requirements by users, often no or poor security on devices and add to that the number of people trying to create vast botnets using the Mirai virus, and you can see there will be no meaningful security any time soon. And no meaningful security means there will be little chance of privacy. You can have security without privacy, but you can't have privacy without security. So, without security, you can never ensure privacy.

Think of a number of recent hacks on IoT devices. within the last three years, we have seen various cars being hacked while being driven, where the engine has been cut, brakes disabled, cars accellerated; in medical environments, we have seen hospital drug pumps hacked to send fatal drug doses, pacemakers turned off; in domestic environments smart fridges turned off, smart heating interfered with, smart meters hacked; to name just a few (thankfully by researchers). However, we have also seen a number of real time hacks, such as power utilities being shut down, sewage works interfered with, and of course massive DDOS attacks using IoT devices hacked using the Mirai virus. Add to this, the recent porting of the Mirai virus to Windows, means insecure IoT devices can now provide an easy route in to corporate and domestic systems. A great deal will have to be done before we can look forward to a decent level of security and privacy in IoT devices.

A recent new virus, BrickerBot, actively seeks out insecure IoT devices, but instead of trying to harvest them instead tries to kill them, so that they can no longer be exploited. Of course, this might also destroy the device in the process, which could be an issue for a critical device. A couple of years ago, the Linux.Wifatch virus broke in to insecure IoT devices, and installed patches to make the devices secure and resistant to conventional attack, a much better approach to the problem.

In the US, the Federal Trade Commission have started fining manufacturers for selling insecure IoT devices, so that might give them an incentive to do better. Asus was pursued for simply failing to distribute security patches for their routers, and settled for a $400,000 fine. No doubt, fines will get more punitive, and that could well help get the attention of the manufacturers. Of course, it does not help when users buy insecure devices without considering the lack of security.

So, don't hold your breath waiting.

I hope that helps.

Regards

Md. Golam Sarowar