Childproofing the IoT for a creative yet secure future



Insights

To help empower the engineers of tomorrow, computer science researchers are investigating the security implications of children interacting with IoT devices.

There’s little doubt the future success of the Internet of Things (IoT) will rely heavily on the ability of today’s science- and electronics-minded children to become tomorrow’s working engineers. However, that success will be guaranteed if the engineers of the future can be taught to overcome the security and privacy risks that come with an increasingly diverse range of connected devices.

Aside from everyday devices such as smartphones, tablets and PCs, which all have robust inbuilt security, children are increasingly coming into contact with a range of emerging Internet-capable devices — including wearables, smart gaming devices, and home automation systems —
that might not have the resources to support firewalls and other security measures. That means when children connect to the Internet using these types of devices, they are exposed to inherent risks — such as virus infection, hacking, and leaking of personal information — with which
they are unfamiliar.

While Nordic Semiconductor’s engineers ensure the company's wireless products feature extremely high-levels of security, there have been reports of other manufacturers’ smart locks proving vulnerable to hackers employing ‘passive eavesdropper’ and ‘man-in-the-middle’ (MITM) attacks.

With these security challenges in mind, the pertinent questions for researchers, developers, educators, and child advocacy groups become: How will children interact with this broad spectrum of IoT devices, what threats to their privacy and security do they need to be aware of, and how can we prepare them for a future of safe IoT interactions?

“Whilst technology for children might have been designed with privacy, safety and security concerns in mind, when children gain the skills and have the right resources to ‘build’ devices themselves, we need to ask ourselves what risks they might encounter and how we can prepare for that,” says Lancaster University’s Joe Finney, Co-Investigator for the ‘Childproofing the Internet of Things’ (IoT4Kids) joint initiative, launched
in November 2017.

The one-year IoT4Kids project aims to establish guidelines for young people to safely engage with IoT devices. To aid this important endeavour, researchers work closely with a group of school-aged children, who have each been provided with a Nordic-powered, IoT-ready, programmable handheld computer dubbed the “micro:bit”. Back in 2016, every year 7 school child in the U.K. was given a micro:bit as part of this British Broadcasting Corporation (BBC) driven initiative. The micro:bit is now
an international phenomenon supported by the not-for-profit Micro:bit Educational Foundation.

The micro:bit is based on a single Nordic Semiconductor nRF51822 Bluetooth Low Energy (Bluetooth LE) System-on-Chip (SoC) featuring
an Arm Cortex M0 processor, where software code that has been safely created by the school child is run. The processor also allows the device
to both wirelessly communicate with other micro:bits, and sync to or be updated from smartphones, tablets, and computers via Bluetooth.

A safer space
With the help of the micro:bit, Finney and other computer scientists on the IoT4Kids research team are currently exploring the parameters of a safer space for children to be creative with IoT devices. At the same time, the IoT4Kids project is focused on educating children about the possible risks of using connected devices not specifically designed around advanced security.

“We have seen many risks manifest into reality since the world has gone ‘online’. We need to be prepared for the next phase of the Internet of Things, where there are still many unknown risks associated with children potentially creating and interfacing with IoT devices, particularly if they are doing so unsupervised,” Finney says.

In order to protect children against the dangers of using new technologies to connect to the Internet, we first need to better understand the ways children would interact with IoT devices in the first place. Only then, according to Finney, can we establish appropriate educational guidelines and development policies to support a world of safe, private, and secure IoT engineering.

“The IoT4Kids project holds workshops with children to explore what they want to build. During this project children are designing IoT enabled devices and applications. Our research focus is on highlighting what needs to be in place to mitigate risks should such children then go on
to create such IoT solutions,” Finney explains.

“We intend for our final recommendations to inform the next steps for children’s education and contribute to formal policy — covering issues such as due diligence in the information that is shared, privacy and security guidelines, the role of adults and their responsibility to oversee activities, and the need for organisations to responsibly undertake ‘security by design’ when developing IoT products that could be used by children.”

It is hoped that research and education efforts like the IoT4Kids project will help the engineers of the future develop high security awareness and the skills needed to prevent the ‘bad guys’ getting the upper hand.

Helping researchers

School-aged children are helping researchers to better understand how they would interact with IoT devices such as the micro:bit.