IoT, Home Automation & Intelligent Personal Assistants
by Brendan Neufeld
The Internet of Things
The term “Internet of Things” generally refers to the integration and proliferation of networked computer systems into the physical world. An IoT device is a physical object with any number of sensors and/or actuators accessed across a network.
Some IoT devices have a central hub or bridge which connects to the Internet and manages the state of all connected devices. The bridge does all of the “thinking” and ensures that all devices states are synced. Some devices connect directly to the internet, while some connect only to a local mesh network and still others do both.
Types of Networks
- Mesh (ZigBee, Z-Wave)
- Cellular (LTE, 3G/4G)
- Internet (WiFi, Ethernet)
- Bluetooth (BLE, Bluetooth 4.0)
The backbone of networked IoT devices are called mesh networks. A mesh network is defined as a local area network (LAN/WLAN/VLAN) that employs a decentralized connection arrangement. Each network node (device) is connected directly to each of the others. Network nodes can “talk” directly to each other without requiring the assistance of an ISP or Internet connection. Mesh networks don’t have a single point of failure (SPoF) so that if one node fails, the others can still communicate, either directly or through more intermediate nodes. A few advantages of mesh networks are:
- Low-power consumption
- Low data rate
- Little or no configuration
- No single point of failure
Recently, IoT security has become quite a point of contention. IoT devices are designed to be accessed outside the home via internet. IoT does not yet have established industry standards for communication and security, so the reasons for vulnerability may vary. To date, there has been little market incentive to secure these devices, though this may change in light of a few recent events. One of these events was the DDoS attack on a company called Dyn which provides DNS services to Netflix, Facebook, Twitter, Github, and many others. This particular attack illustrates IoT’s most prevalent vulnerability; in order to make a device (DVRs in this case) accessible to the internet, the device communicates with user’s router telling it to open a port. The device listens for connections on this port allowing the user to remotely control the device and get status info with little to no configuration. But these devices are often left with the factory password, and a less-than user friendly way to change it. You can see where this is going. The DDoS attack was perpetrated by malicious code installed on thousands of vulnerable IoT devices, overwhelming Dyn’s servers and consequently disabling websites across much of the continental US and Europe. Because it came from so many different sources, it was impossible to differentiate between legitimate and malicious requests. To install the malicious code, the attacker just had to scan the internet for common IoT ports and use factory default passwords for devices that use those ports. In fact, the attacker didn’t have to “hack” anything at all; it was the IoT device itself that bypassed the user’s firewall.
As cyber security gains more exposure in the public eye, the industry will need to take further steps to secure these devices. The US government actually just put out a request for public consultation on IoT security. In the meantime, there are a few things you can do to ensure your own privacy: 1) Use a VPN, 2) Only open ports for devices with personal passwords and 3) Disable UPnP on your router. Most of these vulnerabilities are the result of good intentions but, as usual, there are some bad apples out there.
A home automation system includes a computer with home automation software, the devices to be controlled, a wired or wireless network and usually an internet connection for remote control and access to APIs. An automation is a programmed rule comprised of a trigger (“when I arrive home”), a condition (“if after sunset”) and an action (“turn lights on”). Triggers can be scheduled, started by presence detection or by API calls, just to name a few.
Intelligent Personal Assistants & Bots
A bot is a software program that performs simple, repetitive, and automated tasks over the Internet. The most common examples are web crawlers, chatbots, and malicious bots. Usually they just perform some kind of data mining with linear responses to input. For instance, chatbots try to simulate human interaction by looking for certain text patterns submitted by users and responding with automated actions, which leads us to our next topic: Intelligent Personal Assistants.
An Intelligent Personal Assistant (IPA) is a program that can perform tasks or services for an individual. These tasks or services are based on user input, location awareness, schedules and API data (such as weather or traffic conditions, news, stock prices etc.). IPAs are similar to bots but usually have some form of AI component. Key to modern IPAs is their Natural Language Processing (NLP) capability as well as their ability to analyse data to improve results. When integrated with automation software, they can trigger automations using verbal commands. Amazon Echo, Siri and Google Home are the most popular consumer-targeted IPAs.
It is quite common to use IoT devices, IPAs and home automation software in conjunction. The lines between these three environments can sometimes become vague as some could qualify as all three (Amazon Echo, Google Home)
Just remember that the IPA processes/interprets the command, home automation software executes an action based on a command and an IoT device performs the action.