
The Quality of “Things”: Safety, Security and IoT Compliance

It is estimated that the number of deployed IoT devices in the market today ranges between 25 and 30 billion! These devices are pushing or pulling a vast amount of data, both personal and business, along with video and sound recordings, over a complex network of platforms, grids, and subscriptions (consumers). Imagine the sheer amount of shared data, not to mention the data collected while connected to the internet/Wi-Fi.

When you think about it, each of us is likely exposed (willingly or otherwise) to dozens of Internet of Things devices on a daily basis. Common examples include smart home devices, connected cars, factory sensors, smart cities, lifesaving medical devices, and truly any item with an internet connection (or not in some cases).

As consumers of IoT things, we exhibit different behaviors and habits in terms of how we acquire our “stuff” and how long we will own and use these devices (beyond their supported life cycles).

The utility and use cases for devices seem to be infinite. IoT sensors provide a range of information, from tracking sharks to trucks to our own children, not to mention commercial uses like reading real-time temperature, air quality, and movements in buildings. There is a proliferation of machine learning when IoT applications transmit information from machine to machine, autonomous vehicles, robots, and drones with more complex AI software. Cloud computing has never been more integrated with IoT data.

IoT ecosystem

As with any new area of technology, the IoT ecosystem even comes with its own bewildering vocabulary of acronyms.

Phrases like “AIoT”, “IIoT”, “IoPT”, “zero-click”, “botnets”, “Stuxnet”, “BleedingTooth”, “PKI”, “mmWave”, “bricked”, “BLESA”, “spoofing”, and “Mirai” reflect the myriad vulnerabilities and the evolution of IoT platforms and devices.

Aside from its own lexicon, these days, IoT stories lead the technology headlines. Through online or traditional media, we have all heard the unnerving stories about hacked coffeemakers, home security cameras, and speakers. Since many of these items can transmit sensitive information, videos, and images, it is understood that anything connected with sensor data automatically becomes vulnerable. Vulnerability can lead to danger with a few keystrokes. Not that a toaster is going to suddenly sprout legs and give chase, but these devices can provide nefarious characters with information that would otherwise be impossible to retrieve. Household appliances suddenly turn into unknowing “nanny cams” on innocent end users. When properly used, these devices can shine the spotlight on potential threats and provide information to law enforcement.

And what happens to all these billions of devices when they become outdated or no longer supported by manufacturers or supply chains? What are the risks, liability, and reputational concerns that linger when companies “retire” or “discontinue” device support, yet those devices will likely continue in use? In this throw-away culture, that most likely means it is on to the next latest and greatest. However, do the end users know it is best to fully disassemble some of these items lest they still contain sensitive information?

The leaps in IoT technologies, IoT systems and IoT platforms are astounding in themselves. The speed of new devices to market is causing unintended consequences. Cost and speed to market result in manufacturers making security a low priority. And how will 5G and AI, substantial enablers, further fuel the complexity of challenges?

Way back in 2015, CIO magazine contributor Nicholas Evans warned that when it comes to IoT security: “It’s the wild west out there”. From this vantage point, it looks like he was right.

What now?

Since the pandemic began affecting shopping habits and working conditions, things have changed drastically in 2020. As a result, people are delving into digital and virtual means of communication – our society is increasingly virtual. With the approaching Black Friday and holiday shopping season, connected devices are certainly top of mind. With so many products that can “speak” to each other, it is unfortunately a pleasant surprise when a new gadget or product actually works as intended. If this happened all the time, QA Consultants would not exist! Perhaps it is the thousands of QA Engineers out there that would be part of those teams contributing to such success?

IoT is more than consumer products that are reviewed ad nauseam. Connected equipment for hospitals, ventilators in particular, is of significant concern. Specifically, these products were in high demand over the summer. Voting machines and their connected nature are also on everyone’s mind these days. As a software engineer, it is easy to marginalize the devices. As a consumer, it is easy to see when hardware fails. It is disappointing to say the least, but more often than not, it is a software issue. The average consumer may see these problems as one and the same. The software and the hardware must both function as designed (and even sometimes not as designed), but together act as a complete product. Consumers expect their purchases to function, to be supported, to scale, and to be secure.

As we have seen time and again, IoT devices remain both the point of vulnerability and the enabler for even larger, more strategic attacks. The “URGENT/11” vulnerabilities in the healthcare space alone are highly concerning and indicative of how even medical devices with the best of intentions can be co-opted by bad actors. This, along with the access enabled for using the devices to propagate even more attacks, puts both businesses and consumers at risk if they do not know what they are investing in or how it has been tested. Regardless of the root cause, the cascading effects of poor quality can have significant downstream impacts. But, in all, the “product” is what is admonished.

As the data for 2019 continues to roll in (pun intended), we see significant increases in the number of software-based recalls for vehicles in the US and globally. Yet, the majority of these require an in-person visit to the dealer. As consumers, we would not stand for having to take our computers to the store every time we need to update our operating system with patches, etc. We may be accustomed or habituated to expect constant updates (especially for security), but when a moving IoT device (also known as a connected vehicle) requires more trips back for standard software updates, it begins to degrade the full experience. As consumers, we expect the product to work. Ironically, the more expensive the vehicle, usually the more tech it has and the higher the expectation of a defect-free, working product, one that does not always live up to that expectation, unfortunately.

It’s always easy to “Monday morning quarterback”, but as both consumer and business products become more and more a part of our lives, we are not only exposed to the frustrations of product failures, revenue impacts, and brand reputation, but the issues of liability and legal consequences will continue to increase. Connected vehicles, autonomous robots, smart homes and cities, etc. will all have opportunities to significantly improve and impact our lives, but when there are failures, who will ultimately be held responsible? We have a modern-day trolley issue, but not just for AI.

There will be much more to explore in this topic in the coming years as we are only in the early stages of truly connected physical and digital worlds, but the impacts are as large as the risks. We will continue to explore impacts of this risk as it relates not just to quality, but to liability and regulation. QA Consultants provides a full spectrum of software (UI & firmware) quality, performance, and security to the Internet of Things market. We have increased our capabilities and offerings so that customers in this space can obtain end-to-end validation of their product (hardware and software together).

Our strategic partnership with MiCOM Labs and its internationally recognized accredited device test and certification laboratory provides manufacturers and the device market a comprehensive solution for IoT safety, security, and compliance.

Together, MiCOM Labs and QA Consultants provide end-to-end software, compliance testing and certification services for Consumer Electronics, Wireless, Audio, Telecom, Internet of Things, Medical, Automotive and Aerospace industries.
 

Brian Bernknopf

Managing Director, U.S. Ops


Bill Klages

Vice President of Influencer Relations & Partner Management
