27 September 2023

Get in line: How engineers are helping IoT devices work for, not against us

Start the conversation

Lachlan Gilbert* says UNSW engineers are exploring how IoT devices will change our lives for the better, but not before they are made much more secure.


Dr Hassan Habibi Gharakheili with one of the bus queue sensors. Photo: UNSW

Dr Hassan Habibi Gharakheili, a lecturer with UNSW’s School of Electrical Engineering and Telecommunications, is excited about the potential that the Internet of Things (IoT) offers us but is equally aghast at how insecure are some IoT devices — which many people already have in their homes.

We commonly associate IoT with smart home and building automation, where several devices are linked together on a common wireless network, which we can control remotely over the internet using a mobile phone or PC.

Think airconditioners, fridges, lights, security cameras and baby monitors.

But as Dr Gharakheili is showing, we have barely scratched the surface with the ways that we can use IoT to improve our social and professional lives.

Dr Gharakheili is part of a program that is examining low-cost and accessible ways to provide information about how public and commercial spaces are being used at any given time using real-time information.

Using the UNSW campus as a testing ground, Dr Gharakheili and a team of engineering students are looking at patterns of how people use and move through the various campus spaces.

For example, the use of lecture theatres reveals a typical pattern of being chock-a-block full of keen students at the start of a term and then sparsely attended by term’s end.

If you had live records that were continually updated about the numbers of people using the theatres over time, the spaces could potentially be managed more proactively.

But the question facing Dr Gharakheili and his students was — short of asking the lecturer to do a headcount every lesson — how do you work out how full the theatres are, all the while ensuring privacy isn’t breached?

“Cameras might be a way to do it, but they’re not only expensive but intrusive,” Dr Gharakheili says.

“We found there are fairly cheap ‘beam counter’ sensors that do the job perfectly.”

“So, we mount some on the frame of each door, which count how many people come in versus how many go out.”

Similar technology can also be used to enable users to make planning decisions on the fly.

Dr Gharakheili installed sensors that his own students built from scratch near a bus stop that was notoriously overcrowded.

Long lines would snake their way up High Street and well inside the gates of the campus as hundreds of students and staff converged for the commute home.

With live data of the number of people waiting for the bus now available, decisions on whether extra busses need organising in those peak times become much more responsive.

Other applications of Dr Gharakheili’s Smart Campus project include providing the number of car spots available in the University’s various car parks as well as sensors that can detect how a building’s rooms and corridors are used during the day — all achieved cheaply and anonymously.

There is no question about the way IoT can make life easier for us all.

But as Dr Gharakheili is all too aware, there is a darker side to the world of IoT devices.

“It turns out most of these popular IoT devices marketed at the home consumer are insecure,” Dr Gharakheili says.

“In other words, they can be easily hacked.”

“The reason for this is that the primary concern of the manufacturer was to put together something which is fancy and that comes at a low price.”

“But security was something they never really thought about because if you want to secure a device, you need to put in a memory CPU and you need software to protect and encrypt that.”

“And that adds to the cost of the device and takes time.”

IoT devices that are not secure are accessible from anywhere on the globe, Dr Gharakheili says.

Hackers can launch cyberattacks on companies by recruiting people’s insecure, exposed IoT devices without their owners having the faintest clue.

“These devices communicate using plain text, it’s not encrypted.”

“And in addition to your devices being used in a cyberattack, in some instances, they’re giving away some of your personal data you’ve used to set up those devices.”

To address these serious flaws of IoT devices, Dr Gharakheili is working on software that can be introduced to the home and business network that can make IoT devices safe.

The first thing the software does is an audit of all the IoT devices on that network — not only how many, but which are operational.

“Especially in businesses, many operators are blind to how many IoT devices they have on their networks,” Dr Gharakheili says.

“What sort of device is it, what is its job, is it working properly, how is it being used — the answer is very unclear in most cases.”

Unlike a laptop or smartphone, IoT devices have very distinct and unvaried ways of communicating that make them easy to identify.

“IoT devices have prescribed functionalities by the manufacturer,” Dr Gharakheili says.

“For example, your security camera should not talk to Netflix, your smoke alarm should not be accessing news websites, your lightbulb should not be talking to a Google website.”

“If they are behaving like this, then something is wrong.”

“Using AI and machine learning, we can pick this behaviour and isolate a device that has been compromised.”

Dr Gharakheili says he and his colleagues, including Professor Vijay Sivaraman, have been working on the software identifying anomalies with IoT devices for the past two years.

The group is hoping to commercialise the work this year.

* Lachlan Gilbert is Media and Content lead, STEMM, at UNSW.

This article first appeared at newsroom.unsw.edu.au/news.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.