What is IoT?

26 Nov 2016

The Internet of Things blah blah revolutionise fifty billions blah blah everything connects to the Internet blah change your life.

There’s a simple, boring, accurate definition: Internet of Things is a new name for ‘embedded systems’. There are already billions of invisible networked devices controlling parts of your life, and they’ve been running for decades. The major change is that more of them are connecting to the Internet.

OK, what’s an embedded system?

A computer that is part of a device. Perhaps an electronic device that contains a computer.

Where a general-purpose computer can be adapted by the user to suit many applications, an embedded system is pre-programmed for a single, specialised purpose. Usually you will buy the device hardware and software as a single unit for a single purpose.

You said that these have been around for decades. How is that possible?

Here’s a few examples. You will own many of them.

• Internet routers
• HVAC controls
• Car ECUs
• Fitbit
• Electronic children’s toys
• Battery chargers
• DVD players
• Hearing aids
• That box on the street that connects your house to the fibre network
• Electronic door locks

These are all embedded systems. They all contain a programmable computer. Most of them connect to networks, some of them to the Internet.

Every single one of these has a slew of security vulnerabilities. They were all designed to be cheap to manufacture. Practically none of them receive security updates.

Some IoT/embedded devices that give particular attention to security features are:

• DVD players (copy protection of discs)
• Game consoles (copy protection of discs)
• Pay TV/cable boxes (ensuring that customers have paid for their service)
• Smartphones (sandboxed execution of downloaded apps)

We’ll come back to these, as they provide great examples of the cost tradeoffs that we need to make to achieve good security.