The IT Law Wiki

Definition

The Consumer Internet of Things (CIoT or Consumer IoT) is

network-connected (and network-connectable) devices and their associated services that are usually available for the consumer to purchase in retail and that are typically used in the home or as electronic wearables.[1]

Overview

In the residence, connected objects might include: thermostats, alarm systems, smoke detectors, doorbells, smart appliances (e.g., washers, dryers, refrigerators, ovens, televisions), door locks, door openers, and smart lightbulbs. Wearables for consumer use, such as smart wristwear and smart fabrics, as well as implants, for applications such as consumer health or identification, are also part of the consumer IoT. Smartphones often serve as the human user interface for these components, as do smart home assistants.

Home assistants are increasingly common. They can provide information, perform tasks, and control other IoT components. Home assistants often use conversational interfaces, but can also use text and images as input. These voice-enabled user interface devices can be placed throughout a house. The ability to control these home assistants is included with every major smartphone operating system available today. The smart home assistant may connect and control some or all of the IoT components in the home.

Smart appliances can provide sensing and actuating capabilities, as well as a network interface. Examples include sous vide machines that can be remotely programmed and monitored, and refrigerators that alert the occupants when the milk is running low or the steak is going bad. A smart home security system may alert the home occupant to a burglary, high carbon dioxide levels, or a fire event, even if the occupant is not within the sounding alarm's range (likely done through text, email, or dedicated app). Smart homes may include systems for fire detection, monitoring and communication for fire suppression, and alerting first responders.

Chore automation is a growing trend for IoT devices in the home. Autonomous home appliances and devices learn about users' behaviors and identify the best time to perform tasks on their own. For example, a thermostat could be linked to the owner opening the garage door, adjusting the temperature to the person's liking. A refrigerator or kitchen cabinet may communicate with the smartphone to inform the owner of items that need to be purchased at the grocery store.

While the idea of converting a home's control over to smart devices could be attractive, consumers may be hesitant to embrace IoT-based systems if they feel that their privacy and data are at risk. The proper implementation of security within consumer IoT software, firmware, and hardware is often a neglected and overlooked priority. Securing IoT devices is a major challenge, and manufacturers tend to focus on functionality, compatibility requirements, and time-to-market rather than security. The adoption of consumer IoT devices is expected to explode in the near future. However, the increased popularity and acceptance by the consumer must be weighed against the security risks inherent to every device attached to a network.

Risks

Consumer IoT components face many of the same cybersecurity risks as computers, smartphones, and other categories of IoT components. For instance, to attack IoT components, cyber criminals often probe the components for security vulnerabilities and then install malicious software ("malware") to surreptitiously control the device, damage the device, gain unauthorized access to the data on the device, and/or otherwise affect the device's operation without permission. The risks posed by malware-infected IoT components, however, may be more pronounced because their low costs and energy constraints often limit the resources that are invested in their cybersecurity and, therefore, make them ripe targets for hackers intent on causing widespread harm. Indeed, given their growing volume, consumer IoT components are increasingly targeted as a means for penetrating other electronic components on the same network, or for assembling an army of machines capable of transmitting Internet traffic without the device owners' knowledge as part of a DDoS attack.

References

Source