Q&A – Internet of Things

We spoke with Metova CTO, Andrew Cowart regarding a new survey indicating confusion around the term IoT, high-adoption of IoT devices and a concern for privacy with connected devices.


According to a recent survey commissioned by Metova, less than 20% of people surveyed feel like they have a good understanding of what the Internet of Things is, however, nearly 70% of consumers already own at least one IoT device. From your perspective, what is the Internet of Things?


The Internet of Things is a term used for this current wave of sensors and devices that can all communicate and share data with each other, allowing you to automate tasks.  Internet of Things devices are those smart devices that either act as sensors, or take actions from the internet. Using some kind of hub – Google Home, Apple HomeKit, Samsung SmartThings, and more – you can set up logic between your devices so that one device can affect other devices.


What does it mean to “monitor utilities”? How can a utility provider (water, gas, electric, etc) leverage IoT?


Utility providers (and in some cases, consumers) can use IoT devices to get instant readings of their meters without needing to physically access it.  Using technologies like WiFi, LoRa, and more, utilities can either get instant readings from devices over the internet, or be able to quickly and efficiently scan utilities from a mobile scanner.


Consumers can also take advantage of some IoT devices to monitor their own utilities. Using these devices, consumers can tell (for example) how much electricity their items are using, an estimated cost of that electricity, and even remotely turn off any power hogs that they accidentally left on.


How can consumers benefit if their utility provider leverages IoT?


As a consumer, if your utility provider uses IoT meters, you can generally get up-to-the-minute updates on your usage. This is extremely helpful for helping track down power-hungry appliances, water leaks, or data usage.


Why are IoT retrofit devices such as smart plugs and thermostats so popular?


IoT retrofit devices are popular because it’s easy to provide a quick benefit. For a smart thermostat, you can take off your old thermostat, plug in your new one, and you’ll instantly start seeing results — In under 30 minutes, you’ve made a whole big system “smart”. Likewise for devices like smart locks, it’s as easy as just replacing the lock on the door.


With other IoT devices, they can require a more significant investment in both time and money.  With some smart light bulbs, for example, they can require a setup of both installing a hub, pairing each individual light to the hub, and then hooking it up to the service of your choice. This also requires effort for each additional light bulb that’s added/changed — it’s not complicated, but it is more effort for a perceived smaller gain.


Nearly half of consumers are moderately to extremely concerned about privacy issues associated with IoT devices. How does privacy relate to IoT? What should consumers be concerned about (if anything).


There is no central body that regulates these devices and makes sure they’re secure. Anyone could make an IoT device that also sends all of the data it produces to the company that made it. Anyone could make an IoT device that had more sensors, or did more than it claimed, and sent that information to a third party.  Or, even unintentionally — the device could just be programmed by a less experienced group of developers, who didn’t consider security when designing the product. This is why we’d recommend sticking to companies that have experience in the space, and large companies where the risk of bad press from insecure hardware outweighs


In regards to IoT and privacy/safety, what should people be concerned about? What are some things that people may be concerned about, that they should not be?


There is a lot of concern with devices large companies produce, like the Alexa — It has a microphone, it is always “listening” to hear the trigger word, what’s to stop Amazon from recording every conversation you have?  Realistically, though – that’s a lot of data if Amazon was collecting it for every user, it has little to no real benefit to them to do so, and if it got out that they were actually doing it, it would ruin the company. Devices from large and established companies should be the most trusted.


Can sensors be hacked to take over a person’s home?


In general, no.  Most of the IoT devices you can buy are exactly what they appear to be — a water meter, for example, doesn’t have a full computer inside of it that can be hacked, it’s very optimized to the task at hand.  In a worst-case scenario, if the water meter had a vulnerability, it could potentially be “hacked” to report a false value.


The realistic risk that most people would face is if an attacker were to get the user’s username and password, most commonly through reusing it on multiple websites (one of which got hacked), and log into their home automation system of choice.  In a scenario like that, if a user had a connected camera in their house, the attacker could view the camera as if they were the owner themselves. While this is troubling, it is also just the affected sensor — no other access to the rest of the home/network would be possible in this scenario.