Will the Internet of Things rewrite the rules on cyber security?

There’s been lots of hype about the benefits of the Internet of Things (IoT), but ignoring the risks that come with it could have disastrous consequences.

Will the Internet of Things rewrite the rules on cyber security?
Photo: Pixabay

Not too long ago, the idea of communicating with your kitchen appliances or hopping in a self-driving car may have seemed like science fiction.

But the promise and potential that comes with connecting more gadgets online means that just about anything with an on/off switch can be connected to the internet and a remote controlling device over the same network.

By 2020, more than 50 billion devices are expected to be connected to the internet, meaning our world will become increasingly ‘smart’ as the Internet of Things (IoT) permeates into more parts of more people's lives.

We can already adjust the temperature and lighting in our homes from anywhere in the world; remote diagnostics can be performed on aircraft engines in real time; our cars can warn us of traffic problems and provide alternate routes.

And while all these connected devices may simplify our lives and streamline companies’ production and distribution, it also gives rise to a myriad of new security threats that have the potential to disrupt people’s online lives in new and frightening ways.

“There are no devices that can’t be hacked, it’s just matter of time and dedication,” warns Blagoj Kupev, an embedded systems designer with Scandinavian IT services and software development consultancy Seavus.

Data breaches

And as more systems and devices get connected, more sensitive corporate and personal information gets stored online, meaning an increased potential for hackers to cause serious harm.

Earlier this month, for example, it emerged that a data breach at US credit rating company Equifax may have left the sensitive financial data of up to 143 million Americans exposed.

And in Sweden, revelations that the country’s Transport Administration (Transportstyrelsen) ignored rules about data security resulted in the departure of the agency’s head and two ministers.

High-profile data breaches often involve capable hackers who are able to penetrate complicated security measures at major companies or public bodies.

Photo: Pixabay

But as the number of devices connected to the internet continues to multiply, so do the number of pathways open to nefarious individuals or groups looking to cause harm.

“If you make a cheap, unsecure device that requires users to set up their own security measures, you may sell more devices to more people. But the problem is these people may lack the knowledge to set things up correctly,” Kupev explains.

Even purchasing a high-end smart appliance with lots of security features doesn’t mean things can’t go wrong if users do not know how to use it properly.

“If your router is easily hackable, someone could then easily get access and hack into your smart oven, turn it on, and potentially start a fire in your house,” he continues.

The weakest link

Last year more than 900,000 routers in Germany were knocked offline by cyber-attack experts believe was at attempt to infect the routers with malware. While the attack didn’t result in any smart ovens getting hacked, the incident demonstrated an important principle that Kupev says everyone must remember in today’s connected world:

“The Internet of Things is only as strong as its weakest link – and it’s those weak links that are often subject to attacks”

Part of the problem, says Kupev, is that current cybersecurity approaches and strategies were designed for a time when anyone involved in computing device security likely had a certain level of technical knowledge.

“Now we have to make things usable for ordinary people,” he says. “The Internet of Things requires making it possible for consumers, rather than IT professionals, to be the first line of cybersecurity defence.”

At Seavus, Kupev and his colleagues specialize in designing systems and interfaces that are both secure and easy to use.

“We focus on embedded devices – anything that you can imagine being a part of the Internet of Things – to ensure secure communication between the devices and the network – and that devices always have predictable behavior,” he explains.

Photo: Pixabay

Despite having capable teams of programmers and rigorous testing procedures, many companies – be they retailers, manufacturers, or service providers – still have a hard time seeing the potential vulnerabilities in their own systems.

“There are a lot of companies who think ‘this will never happen’ and then they come back to us six months later saying ‘it happened’,” says Kupev.

The challenge, he explains, is being able to look at things from a different point of view.

“Often a client’s view of things can be quite narrow because they’re used to looking at things from the same perspective,” he adds. “Our job is to help them look at matters from a different angle and uncover vulnerabilities they would have otherwise missed.”

To illustrate his point, Kupev tells the story of an engine maker that invested heavily in ensuring a device’s “regular” communications systems are secure.

“They did magnificent work in securing Ethernet and other standard interfaces, but no one thought about the GPS system that was part of the engine control system as a possible target for hackers.”

No instructions required

Another example that illustrates Kupev’s “weakest link” and “user-friendly” principles involves payment terminals with a system that required service personnel to have special cards to activate the terminals’ service mode.

Since staff kept losing the cards, the company simply turned off the card function and allowed service access without card authentication, exposing the system to serious security threats.

“There are a lot of ‘side entrances’ into systems and devices that people assume are secure but which may not be that secure,” he says.

“We help identify holes in clients’ systems so they can see where the design needs to be improved and then we propose how they can fix it.”

Kupev believes both companies and consumers need to take greater responsibility for ensuring devices are secure and that sensitive data remains safe from hackers and other cyber-threats.

“The arrival of the Internet of Things means that more people need to be aware of what sort of data can be exposed,” Kupev explains. “There are simply lots more devices connected in new ways that are producing more data that can provide a lot of insight into our daily routines.”

First and foremost, companies need to do more to make setting up security features foolproof for the most technically illiterate consumers.

“The key is creating systems and instructions that are easy to follow so that people can set up devices and have control over what data those devices create and how that data is used,” he says.

“You have to make devices user-friendly so everyone can get the setting right even without an instruction manual.”

This article was produced by The Local Client Studio and sponsored by Seavus.


The unmanned supermarkets rescuing Sweden’s rural areas

One after another, grocery stores are shutting down in rural Sweden, leaving villagers to travel miles to buy food. But a new type of shop has sprung up in their wake: unmanned supermarkets in mobile containers.

The unmanned supermarkets rescuing Sweden's rural areas
Store manager Domenica Gerlach enters the Lifvs unmanned supermarket store in Veckholm, 80km outside Stockholm. Photo: Jonathan Nackstrand /AFP

In Veckholm, a village of a few hundred people 80 kilometres (50 miles) from Stockholm, the last grocery store closed more than a decade ago. Then, a year-and-a-half ago, even the little convenience store at the only petrol station locked its doors.

Villagers were left with no choice but to travel a half-hour by car to the closest supermarket.

But in July 2020, an automated, unmanned grocery store came to town. In a container dropped in the middle of a field, open 24 hours a day, the 20-square-metre (215-square-foot) supermarket sells hundreds of items — and there’s no cashier in sight.

“Since a while back, there has been nothing in this area and I think most of us living here have really missed that,” said Giulia Ray, a beekeeper in

“It’s so convenient to have this in the area,” she told AFP, doing her own shopping and restocking the shop’s shelves with her honey at the same time.

Shoppers unlock the supermarket’s door with an app on their smartphone. “We come here three times a week and buy stuff we need,” Lucas Edman, a technician working in the region for a few weeks, told AFP. “It’s a little bit more expensive but it’s fine. It’s a price I can pay to not go to another store.”

He scanned his pizzas and soda on the app on his phone, which is linked to his bank account and a national identification system — an added anti-theft security, according to the store. And it’s all done under the watchful eye of a single security camera.

Keeping costs down

In Sweden, the number of grocery stores — everything from superstores to small convenience stores — has dropped from 7,169 in 1996 to 5,180 in 2020, according to official statistics.

While the number of superstores has almost tripled in 24 years, many rural shops have closed down, often due, like elsewhere in Europe, to a lack of

Daniel Lundh, who co-founded the Lifvs, has opened almost 30 unmanned stores in rural Sweden and in urban areas with no shops in the past two years.

“To be able to keep low prices for the customer, we have to be able to control our operation costs. So that means controlling the rent — that’s why
the stores are quite small — but also controlling the staffing cost,” Lundh said.

He plans to open his first unstaffed supermarkets outside Sweden early next year.

Domenica Gerlach, who manages the Veckholm store, only comes by once a week to receive deliveries. She also manages three other shops, all of them mobile containers.

Peter Book, the mayor of Enkoping, the municipality to which Veckholm belongs, has only good things to say about the three container stores that
have opened in his patch. And he’d like to see more.

“It makes it easier to take a step to move there if you know you have this facility,” he said.

Meeting place and ‘salvation’

In Sweden, one of the most digitalised countries in the world, Lifvs, like its Swedish rivals AutoMat and 24Food which have also popped up in rural
areas, benefits from a very wired population.

In 2019, 92 percent of Swedes had a smartphone. Ironically, the unmanned shops — plopped down in the middle of nowhere — also play a role as a “meeting place” for locals.

“You come here, you get some gas and you go inside and get something, and maybe someone else is here and you can have a chat,” Ray said.
Mayor Book echoed the notion, saying the stores make it possible to connect society”.

The pandemic has also proven the stores’ usefulness, since no contact with other people inside the shop is necessary.

Because of Covid-19, only one person at a time is allowed inside the Veckholm store.

“My mother lives nearby as well and … this has been a shop she could actually enter during all this time. She hasn’t been (able to go) anywhere,”
Ray said of her 75-year-old mother. “This has been a salvation for her.”