Skip to content

The Quality of “Things”: Safety, Security and IoT Compliance

It is estimated that the number of deployed IoT devices in the market today range between 25-30 billion! These devices are pushing or pulling a vast amount of data both personal and business, video, and sound (recording) over a complex network of platforms, grids, and subscriptions (consumers). Imagine the sheer amount of shared data, not to mention the data collected while connected to the internet/wi fi.

When you think about it, each of us are likely exposed (willingly or otherwise) to dozens of internet of things devices on a daily basis. Common examples include home smart devices, connected cars, factory sensors, living in smart city, lifesaving medical devices, and truly any item with an internet connection (or not in some cases).

As consumers of IoT things, we exhibit different behaviors and habits in terms of how we acquire our “stuff”. And, how long we will own and use these devices (beyond their supported life cycles).

The utility and use cases for devices seem to be infinite. IoT sensors provide a range of information from tracking sharks, to trucks, and to our own children. Not to mention commercial use like reading real time temperature, air quality, and movements in buildings. There is a proliferation of machine learning when IoT applications transmit information from machine to machine, autonomous vehicles, robots, and drones with more complex AI software. Cloud computing has never been more integrated with IoT data.

IoT ecosystem

As with any new area of technology, the IoT ecosystem even comes with its own bewildering vocabulary of acronyms.

Phrases like “AIoT” “IIoT”, “IoPT”, “zero-click”, “botnets”, “Stuxnet”, “bleeding tooth”, “PKI”, “mmwave”, “bricked”, “blesa”, “spoofing”, “Mirai”, reflect the myriad of vulnerabilities and evolution of IoT platforms and devices.

Aside from its own lexicon, these days, IoT stories lead the technology headlines. Through online or traditional media, we have all heard the unnerving stories about hacked coffeemakers, home security cameras, and speakers. Since many of these items can transmit sensitive information, videos, and images, it is understood that anything connected with sensor data automatically becomes vulnerable. Vulnerability can lead to danger with a few keystrokes. Not that a toaster is going to suddenly sprout legs and give chase, but these devices can provide nefarious characters with information that would otherwise be impossible to retrieve. Household appliances suddenly turn into unknowing “nanny cams” on innocent end users. When properly used, these devices can shine the spotlight on potential threats and provide information to law enforcement.

And what happens to all these billions of devices when they become outdated or no longer supported by manufacturers or supply chains? What are the risks, liability, and reputational concerns that linger when companies “retire” or “discontinue” device support, yet those devices will likely continue in use? In this throw-away culture, that most likely means it is on to the next latest and greatest. However, do the end users know it is best to fully disassemble some of these items lest they still contain sensitive information?

The leaps in IoT technologies, IoT systems and IoT platforms is astounding in itself. The speed of new devices to market, is causing unintended consequences. Cost and speed to market result in manufactures making security a low priority. And how will 5G and AI, substantial enablers, further fuel the complexity of challenges?

Way back in 2015, CIO magazine contributor Nicholas Evans warned that when it comes to IoT security: “It’s the wild west out there”. From this vantage point, it looks like he was right.

What now?

Since the pandemic began affecting shopping habits and working conditions, things have changed drastically in 2020. As a result, people are delving into digital and virtual means of communication – our society is increasingly virtual. With the approaching Black Friday and holiday shopping season, connected devices are certainly top of mind. With so many products that can “speak” to each other, it is unfortunately a pleasant surprise when a new gadget or product actually works as intended. If this happened all the time, QA Consultants would not exist! Perhaps it is the thousands of QA Engineers out there that would be part of those teams contributing to such success?

IoT is more than consumer products that are reviewed ad nauseam. Connected equipment for hospitals, ventilators in particular, are of significant concern. Specifically, these products were in high demand over the summer. Not to mention voting machines and their connected nature are on everyone’s mind these days. As a software engineer, it is easy to marginalize the devices. As a consumer, it is easy to see when hardware fails. It is disappointing to say the least, but more often than not, it is a software issue. The average consumer may see these problems as one in the same. The software and the hardware must both function as designed (and even sometimes not as designed), but together act as a complete product. Consumers expect their purchases to function, to be supported, to scale, and to be secure.

As we have seen time and again, IoT devices remain both the point of vulnerability as well as the enabler for even larger, more strategic attacks. The “URGENT/11” vulnerabilities in the healthcare space alone are highly concerning and indicative of how even medical devices with the best of intentions can be co-opted by bad actors. This, along with the access enabled for using the devices to propagate even more attacks, puts both business and consumers at risk if they do not know what they are investing in or how it has been tested. Regardless of the root cause, the cascading effects of poor quality can have significant downstream impacts. But, in all, the “product” is what is admonished.

As the data for 2019 continues to roll in (pun intended), we see significant increases in the amount of software-based recalls for vehicles in the US and globally. Yet, the majority of these require an in-person visit to the dealer. As consumers, we would not stand for having to take our computers to the store every time we need to update our operating system with patches, etc. We may be accustomed or habituated to expect constant updates (especially for security), but when a moving IoT device (also known as a connected vehicle) requires more trips back for standard software updates, it begins to degrade the full experience. As consumers, we expect the product to work. Ironically, the more expensive the vehicle, usually the more tech it has and the higher the expectation of a defect free, working product. One that does not always live up to that expectation, unfortunately.

It’s always easy to “Monday morning quarterback”, but as both consumer and business products become more and more a part of our lives, we are not only exposed to the frustrations of product failures, revenue impacts, and brand reputation, but the issues of liability and legal consequences will continue to increase. Connected vehicles, Autonomous robots, Smart Homes and Cities, etc. will all have opportunities to significantly improve and impact our lives, but when there are failures, who will ultimately be held responsible? We have a modern day trolley issue, but not just for AI.

There will be much more to explore in this topic in the coming years as we are only in early stages of truly connected physical and digital worlds, but the impacts are as large as the risks. We will continue to explore impacts of this risk as it relates not just to quality, but to liability and regulation. QA Consultants provides a full spectrum of software (UI & firmware) quality, performance, and security to the Internet of Things market. We have increased our capabilities and offerings so that customers in this space can obtain end to end validation of their product (hardware and software together).

Our strategic partnership with MiCOM Labs and its internationally recognized accredited device test and certification laboratory provides manufacturers and the device market a comprehensive solution for IoT safety, security, and compliance.

Together, MiCOM Labs and QA Consultants provide end to end software, compliance testing and certification services for Consumer Electronics, Wireless, Audio, Telecom, Internet of Things, Medical, Automotive and Aerospace industries.
[row] [col columns=”2″ breakpoint=”md”]
[/col] [col columns=”4″ breakpoint=”md”]

Brian Bernknopf

Managing Director, U.S. Ops

LinkedIn Brian Bernknopf
[/col] [col columns=”2″ breakpoint=”md”]
[/col] [col columns=”4″ breakpoint=”md”]

Bill Klages

Vice President of Influencer Relations & Partner Management

LinkedIn Bill Klages
[/col] [/row]