Eyes, ears, and now arms: IoT is alive

I’ve never quite seen anything like this in my two decades of working in the Internet of Things (IoT) space. In just a few years, devices at home and work started including cameras to see and microphones to hear. Now, with new lines of vacuums and emerging humanoid robots, devices have appendages to manipulate the world around them. They’re not only able to collect information about their environment but can touch, “feel”, and move it.

This is equal parts exciting and concerning. Cheap and unregulated devices are imminently hackable with horror stories of bad actors accessing media feeds and spying on users. Armed with, well, arms, this evolution interconnects cybersecurity with physical security.

Of course, “robots” have always been the endgame for device developers. But before we move from passive to physically interactive devices, we first need to understand what this means practically and how to safeguard implementation. Let’s consider how nipping this emerging threat in the bud starts with good cyber hygiene and hardwired guardrails.

Next stop, robots

This has been on my radar since the start of the year. Our team attended the Consumer Electronics Show (CES) in January and the smart home segment was particularly popular. Roborock’s Saros Z70 robot vacuum quickly caught our attention.

This device goes beyond basic cleaning by using IoT-enabled sensors to detect obstacles. Then, more than being able to see what’s in front of it, the vacuum is equipped with a physical arm to pick up and relocate objects. The intention is to bridge the gap between sensing and action in everyday scenarios, and vacuums are just the beginning: Tesla is teasing its line of humanoid robots and NVIDIA’s “fast-thinking action model” Isaac GR00T N1 is on the way.

But, knowing the history of smart devices getting hacked, there’s cause for concern. From compromised baby monitors to open video doorbell feeds, bad actors have exploited default passwords and unencrypted communications for years. And now, beyond seeing and hearing, we’re on the verge of letting devices roam around our homes and offices with literal arms. What’s stopping a hacked robot vacuum from tampering with security systems? Or your humanoid helper from opening the front door?

We must bake in protection

This might read like science fiction but it’s both real and a security vulnerability we need to address. People are already wary of other emerging technologies like artificial intelligence and its lax attitude to copyright, privacy, and security. And, as mentioned in my previous piece, more than 60% of users are worried about their smart security systems or cameras getting hacked. This trust gap will likely persist with devices that can not only see and hear but autonomously move around. Something’s got to give.

If developers want robots to become a reality, they need to create confidence in these systems immediately. This means following best practice cybersecurity by enabling peer-to-peer connectivity, outlawing generic credentials, and supporting software throughout the device lifecycle. Likewise, users can more safely participate in the robot revolution by segmenting their home networks, implementing multi-factor authentication, and regularly reviewing device permissions.

Consumers deserve peace of mind and developers can deliver this with encryption, segmentation, and permission controls at the device level. We’re witnessing giant leaps in capability and baking safety into the foundation of these emerging devices should be non-negotiable.

Securing the digital and physical

We’ve come so far in such a short amount of time. Only a few years ago, always-on audio and video feeds seemed like such a big step forward. Likewise, these sensory additions brought new cybersecurity headaches to IoT. Adding arms and physical manipulation into the mix considerably ups the ante. We’ll undoubtedly have more use cases and security issues to work around.

Developers must meet the moment and take their impact more seriously. And let’s hope regulators can also help close the gap. Lawmakers on both sides of the Atlantic are introducing new baseline requirements for connected devices. Europe’s Cyber Resilience Act and The United States’ Cyber Trust Mark – with the former being far stronger than the latter – should remove some of the low-hanging hacking fruit.

We’ll need to pay close attention to whatever happens next. Bad actors using backdoors to access a device’s “eyes” and “ears” is one thing, but physical capabilities in the real world are entirely another. IoT is alive – it’s time we act like it.