Privacy glossary

Internet of Things

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

What is the Internet of Things?

The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances, and other items connected to the Internet or one another and capable of exchanging data. The term Internet of Things encompasses both the devices and the network structure that supports the devices. While the Internet can be characterized as meant for sharing information and connecting people and organizations, the Internet of Things is about physical objects, specifically giving a user, another device, or a program the ability to monitor and control these physical objects remotely.

IoT devices are found everywhere—in homes and businesses, in vehicles and outdoors. Their popularity is driven by multiple forces, making IoT one of the fastest growing parts of our online world. IoT devices can help people save money, improve safety and efficiency, or generally make their lives easier. However, the success and popularity of IoT comes with drawbacks. In the rush to meet this growing demand, the market has been flooded with devices whose designs haven’t always been well thought through. Industry and society are now playing catch-up on the security and privacy ramifications of so many connected devices in our daily lives.

What things are on the Internet of Things?

Connected devices, or “things,” can range from the tracker embedded in your pet, to smart home devices like door cameras or smart thermostats, to the HVAC and lighting systems of a large warehouse. The defining feature that makes something an IoT device is that it communicates with other devices over a network. The other devices may be computers, your phone, or other IoT devices. The network used to communicate is often the public Internet, but it doesn’t have to be—IoT devices can also communicate via internal networks, like a home Wi-Fi network or even Bluetooth.

IoT devices are sometimes categorized as either sensors (that measure and report) or actuators (that perform instructions). Some IoT devices (like smart thermostats), rely on their remote counterpart (the owner with the phone and app) to provide control. These devices are both sensors and actuators—they monitor activity, report to the remote controller, and respond to received commands. But other IoT devices have to make decisions in real time, so they involve local processing within the device. A frequently used example of an IoT device that makes decisions without the input of a remote controller is when an autonomous vehicle must react to a sudden appearance of a pedestrian in its path.

Where is IoT used?

IoT devices are found just about anywhere. In addition to the familiar applications in our homes and cars, they’re used in many capacities in business and corporate settings, for scientific research, healthcare, and agriculture. Here’s a small sampling of the places IoT devices are used:

  • Healthcare: Diabetics (or their caregivers) can use an Internet-connected blood sugar monitor.
  • Utilities: Electricity and gas providers can install smart meters that report on usage, eliminating the need for human meter readers.
  • Agriculture: Field sensors can report on weather conditions, and control other devices for irrigation.
  • Inventory control: IoT devices equipped with locating capability can report the whereabouts of inventory and delivery vehicles.
  • Environmental: IoT devices can monitor weather and other ecological events for improved prediction of natural disasters like hurricanes and tsunamis.
  • Pet safety: An IoT-enabled pet collar can track a lost pet.

The growth of IoT

IoT has grown at a staggering pace, and is projected to continue growing—there are now far more “things” on the Internet than people.

However, rapid growth often comes with growing pains, and IoT is no exception. Having many devices designed by different parties for different applications has resulted in very little standardization. There are now several groups working on defining standards for IoT to address issues like communication and security.

Even without the strain of the IoT boom, the Internet has become crowded. Content on the Internet is located by IP addresses, traditionally consisting of 4 numbers between 0 and 255 (called IPv4). These IPv4 addresses are now in short supply, creating a move to a new system that can support a larger number of public  addresses (IPv6). The IoT boom is putting more strain on the IP address system, contributing to the need to switch to IPv6.

How secure is IoT?

Security risks range from the vulnerability of business, government and infrastructure, to an individual’s personal safety. More IoT devices means many more vectors of attack on a network—every device is a potential weak point.

Unfortunately, IoT devices often have limited security controls. Basic security measures like encryption aren’t always employed or turned on by default. Updates to device software to fix bugs might not happen frequently enough, if at all if a company is shut down. Perhaps the biggest security risk is that devices often come with default logins for setup, and the user may not realize these logins ought to be changed before using. This leaves an open door for a hacker to access a system using a default login on an IoT device.

A recent law enacted in the United Kingdom bans IoT devices from having weak default passwords. This follows a previous UK law that requires manufacturers to provide an easy way for users to report bugs and problems with IoT devices, and requires transparency with regard to device software updates. But this is the only regulatory effort in the IoT sphere. The US offers some federal guidance, but no regulations.

How does IoT affect my privacy?

The IoT boom has had a positive effect on many people’s quality of life. But some would argue that upside has been negated by a loss of privacy. Lack of standardization and regulations means there are effectively no controls over how much data an IoT device can collect and relay back to its primary system. The user is often not even aware that data collection is happening or where it’s being sent. Take the example of a device in your car that monitors your driving: It may help you be aware of safety issues, but it may also report driving events such as your location or time of travel back to the manufacturer or your insurer, who could then share this data with anyone they wish.

Data about a thermostat’s settings (for example, if it’s set to change temperature when you leave for work and when you come home), or data about when you remotely access a doorbell camera, can be used to track your daily schedule. Smart speakers have been found to collect conversations they don’t need to be monitoring. It’s hard to overstate how much personal data can leak out to data collectors through devices you trust and use to improve your quality of life.

How to protect yourself and your IoT devices

Here are some suggestions for actions you can take to improve your security and privacy with respect to the IoT devices in your home and office:

  • Change default passwords on your IoT devices, and on your home router, to unique strong passwords. The password manager in the Brave browser can help you keep track of secure but hard-to-remember passwords.
  • Where possible, change the default username of any new IoT device. Default names can make it easy to identify the model of the device, which in turn makes it easier for a hacker to know what kind of attack might succeed.
  • Limit how much contact your IoT device has with the outside world. Only activate remote access when necessary. For example, if you only control your IoT lighting when you’re home, limit access to the light controller to only within your home network.
  • Keep up with firmware and software updates on your devices. Hackers are always finding new weaknesses to leverage, and manufacturers release updates to correct these issues.
  • Perform a home network audit (with a tool like wireshark or similar) to see which devices on your network are sending information, and where they’re sending it.
  • Isolate IoT devices on a separate network than the network your sensitive devices use. You can always switch your phone or computer over to the IoT network when you need to interact with them. But when you aren’t using them, they’re safely segregated away from your phone or computer.

Ready for a better Internet?

Brave’s easy-to-use browser blocks ads by default, making the Web faster, safer, and less cluttered for people all over the world.