Why balancing security with the changing expectations of device users is vital for OEMs
The Internet of Things [IoT] is a big deal in 2023. We wear IoT-connected devices, use voice-activated smart appliances, drive connected vehicles, and live in smart cities.
In many ways, IoT technology is powering our lives, and transforming the ways in which we interact with the world around us. What’s more, the technology is becoming more prevalent all the time, with the number of devices deployed worldwide set to increase by 18% this year to reach a total of 14.4 billion.
What has driven the huge surge in the use of connected devices?
According to Scott McLeod, associate professor of educational leadership at the University of Colorado, the answer is ‘convenience’. As our lives grow increasingly busy and complex, it becomes harder and harder to juggle the various responsibilities that we have.
The use of IoT technology brings a level of convenience to many everyday tasks and actions that makes our busy lives that much more manageable. No longer must you physically get up to switch a light on; now you can do so with your voice alone.
In many countries, gone are the day of sitting in traffic jams for hours on end – using IoT, your car can provide real-time travel data that helps you to avoid congestion, and save valuable time in the process.
Need to turn the heating up?
You no longer need to come home to a cold house as you can remotely control your thermostat from wherever you are.
Put simply, IoT technology is helping to redefine standards for convenience in the home, on the move, and at work.
As such, it is no surprise that consumers are craving greater convenience from their connected devices, and IoT original equipment manufacturers [OEMs] must therefore make user experience [UX] a key priority.
Keeping pace with the changing expectations of users when it comes to convenience is essential if OEMs wish to retain their competitive edge, and maintain growth. However, with new standards constantly being set by evolving technology, staying ahead of the curve is easier said than done.
Getting the balance right
Enhancing the UX takes time, and requires reams and reams of users’ personal data to be stored on their devices and on the Cloud.
This information helps OEMs to monitor user behaviour and preferences and, in doing so, identify which aspects of their UX design need to be tweaked for greater intuition and convenience. However, through the collection and storage of this data, devices users are considerably more exposed in the event of a cyberattack.
If their device is hacked, consumers face the stark possibility of having their sensitive information stolen, and the privacy of their lives compromised as a result (for example, gaining access to someone’s thermostat data can yield information about when the location is typically occupied or not).
With 1.5 billion IoT cyberattacks committed in the first half of 2021 – 639 million more than in 2020 – it is clear that the threat to device users is growing at a rapid rate. This creates a unique challenge for OEMs, who must carefully balance the expectations of consumers regarding convenience with the need to ensure that devices are sufficiently resilient to attack.
Part of the problem is that IoT cybersecurity is simply not a key consideration for many users. It is a consideration that most people expect OEMs to have made for them.
However, consumers often do not recognise the role that they must also play in assessing the risks that they face when using their devices. What matters most to users is how the technology can help to make their lives more convenient; security only becomes a concern in the event of an attack which, clearly, is too late.
What role must OEMs play?
It’s true that consumers need to be more aware of the concerns around cybersecurity. After all, they arguably stand to lose the most from attacks.
Despite this, OEMs must be realistic in their expectations. Ultimately, there is only so much that can be done to educate users on the risks; attacks will still take place, if not in such large numbers.
The onus to ensure that robust security is in place therefore lies with OEMs themselves.
Currently, however, many manufacturers are placing too much stock in the importance of enhancing UX, in the pursuit of greater consumer satisfaction, usage, and profits. By doing so, they are heeding the growing demand among users for more convenient IoT, but are actually compromising the security of those same users in the process.
A prime example of this is when OEMs first introduced keyless technology to vehicles. This was a significant step forward from a UX perspective, given that drivers were able to open their cars and turn the ignition on without having to physically use their key.
However, in many cases, this enhanced level of convenience came at the sacrifice of vehicle security, with thieves targeting such vehicles with relay attacks, or by ‘cloning’ keys. As a result, vehicle thefts in the UK reached a nine-year high in 2018/19, with more than 114,000 vehicles reported stolen in England and Wales alone over the period.
Evidently, many OEMs got the balance between convenience and security completely wrong in the first generation of keyless technology. Security has become a far greater concern to these manufacturers since, and second-generation tech has a wider range of protection and mitigation mechanisms.
However, this will give little comfort to those people who had their vehicles stolen because OEMs had not made the security infrastructure of their devices robust enough in the first place. For these individuals, the need to prioritise security over convenience has become all too apparent.
Therefore, OEMs need to recognise the role that device security plays in protecting brand reputation. By continuing to ignore security in favour of convenience, OEMs are effectively leaving consumer open to attacks – both digital and physical – and risking losing user trust consequently.
If the use of connected devices is to grow further, building trust among users is crucial. It is not enough to regard security as a mere afterthought; it needs to be an intrinsic part of device design, and should always take priority over convenience or face, in the longer term, the risk that new players entering the market use security as a robust USP to capture consumer trust and market share.
How Trustonic is helping
Trustonic is a leading provider of the industry-leading Trusted Execution Environment [TEE] – an environment for executing code in which those executing the code can have high levels of trust in the surrounding environment.
As such, we have the solution to help OEMs ensuring that they are compliant with relevant cybersecurity legislation, and that they have the highest possible level of protection.
Our hardware-backed security is recognised as a gold standard for the consumer IoT industry. We recently certified our TEE using the industry-standard Common Criteria Protection Profile, defined by GlobalPlatform, and achieved a class-leading EAL5+ certification.
Our TEE has also been deployed in more than 22 million vehicles and growing, sitting at the heart of the next generation of secure vehicles. Using a hardware-backed secure environment to perform critical operations, e.g., encryption and biometric authentication, and providing a trusted environment for applications and services will provide a robust platform for building future secure solutions.
OEMs choose our solution because, as a strongly certified component, it makes its considerably easier for them to meet both ETSI EN 303 645 and UNECE WP.29 Cyber Security requirements than by using alternative approaches.
Connected devices have become a truly intrinsic part of our lives in recent years, and play a hugely significant role in our daily routines.
Despite the benefits that they bring, they can also compromise our privacy and safety if they are not correctly designed and prepared with security standards like ETSI EN 303 645 and UNECE WP.29. OEMs owe it to their customers to ensure that they can feel confident in using their products and, in doing, so improve adoption of the technology.
We at Trustonic possess both the knowledge and means to assist OEMs in making this happen.