In today’s rapidly evolving tech landscape, consumer IoT devices are transforming the way we live and work. But with this transformation comes a unique set of challenges—ranging from security concerns and legal regulations to sustainability demands. To shed light on these critical topics, we spoke with Matthew Inglis, a seasoned expert in the field, about the trends shaping the IoT industry and how Kontron is addressing these challenges with innovative solutions.
From the impact of new cybersecurity laws to the importance of energy-efficient designs, Matt shares invaluable insights into the future of connected technology and what businesses must prioritize to stay ahead. Let’s dive into the conversation!
Editorial Team: Can you share key insights or trends in consumer technology devices that are of interest to you?
Matthew: Firstly, security. There’s a lot going on in IoT land, both in consumer and industrial. What were formerly industry guidelines and best practices are increasingly becoming law.
Recently a UK law came into force, affecting consumer IoT devices. Consumer devices that are connected to the Internet now by law in the UK must adhere to basic cybersecurity standards. For example, they can't have default passwords, which in the past have been an easy target for cybercriminals. Devices must also have a support period, so manufacturers and distributors must indicate how long they will be supported. There must also be a way to report faults back to the manufacturers. This new law (and NIS2 in the EU) is an example of the way that increasingly things that were previously considered good practice are becoming legal requirements for companies.
Another industry focus is sustainability and energy saving. Obviously, that's a really pressing issue everywhere and something that everyone should be concerned with, and our industry is falling in line. Our customers are looking to reduce their energy bills and recent high energy prices have put even more focus on that and made a lot of these moves to energy efficiency pay for themselves.
ET: What are some key components of security of a consumer-facing IoT device?
Matthew: One of the key aspects of security across consumer and industrial IoT is simply keeping the devices maintained. That’s a problem for some of our customers because they are used to a traditional embedded development model - for example, you make an embedded system and you lock it down, test it thoroughly and it doesn't get changed for 15 years. Then it gets retired. For a connected system you can't safely take that approach - there will be security vulnerabilities.
It's important that the software be maintained. Modern IoT devices are complicated and typically have a number of different open-source packages in them, so you've got a fairly complicated mix of third-party software and a variety of different open-source software.
Each of these packages could have a security issue, which may be reported as a public vulnerability (CVE) that someone finds in a particular piece of software that your device is using. You then need to patch it; typically there will be a software update that addresses that vulnerability. Then you need to figure out how to get that update to the devices that are all scattered over everywhere. Then, how do you make sure that your device still works? What if the update breaks something?
Kontron’s IoT products bring the ability to update things remotely and to do it in a controlled and secure way. You can test it out to a small group of devices first, confirm all is well, and then deploy it out to your whole fleet remotely, monitoring the progress of the deployment and the ongoing health of your devices.
ET: So primarily the third-party software that goes on the device will have bugs and need patches?
Matthew: It depends on the situation. There's an industry term called software bill of materials (SBOM). It is borrowed from hardware where you have a hardware bill of materials that consists of all the components and subsystems needed to create a product.
This software bill of materials is something that has developed in recent years. Companies might not have an SBOM for their devices, so they don't necessarily know what to look out for or what needs updating. Often their own application that they write is easier, usually because they’re familiar with it or it is at a higher level. Things like the operating system can be particularly problematic because it's so wide in scope, and you might not have the necessary expertise (e.g. embedded Linux) in house.
For maintainability’s sake it's a really good idea to make your device have as small a software footprint as possible. So, you get rid of all the software you don’t need on it and try to make as small an operating system image as you can. If there are components and things that you don't need to use, don't include them. Reducing your footprint has multiple benefits – your attack surface is reduced, and you also have fewer packages to monitor for CVEs.
Also, if someone does manage to gain access to one of your devices, the fewer tools you leave lying around to help them get further into your network, the better. This kind of “living off the land” attack is greatly hindered by removing any unnecessary software packages and utilities that you can. You wouldn’t leave a crowbar by the back door of your house; make sure you don’t do the software equivalent of that.
ET: How do you see Kontron connected solutions offering evolving to comply with industry threats?
Matthew: We increasingly see physical equipment being connected, and that's a lot of what our world is about. These OT and IT worlds have previously been separate. But when you connect devices and equipment to the Internet you get some great benefits - increased awareness, valuable data, the ability to build proactive systems, reduce energy consumption, improved end-user experience - all that kind of good stuff. But with these come additional security concerns.
One of the groups of people who are directly affected by this are the IT groups within the companies that want to move to connected systems. Normally they’re used to dealing with a fleet of laptops and desktops, and maintaining the security of that network. Then we in the IoT world come along with a variety of strange connected devices and want to put those on the network - it’s difficult for IT departments to know how to maintain those devices. When you own a fleet of Windows laptops, you know how to maintain them, but a fleet of unknown Linux devices is a bit scary because you don't quite know what's in them and what you need to do with them and whether they might bring additional security vulnerabilities.
That’s where Kontron solutions step in – providing a suite of products and services to help you build and maintain a secure IoT system. Choose what you need from our best-in-class gateway and hardware modules, managed secure OS solutions, and flexible device management and data gathering SaaS products, while you focus on building a great solution to deliver meaningful value to your customers.
Thank you very much, Matthew, for these great insights!
-----------------------------------------------------------------------------------------------------
About Matthew Inglis - Vice President, Engineering
Matthew is the VP of Engineering at Kontron America Seattle. Prior to joining Kontron in 2023, Matthew was VP Engineering at Bsquare, an IoT software company. He has extensive experience gained over more than 25 years of building software teams and creating embedded software and cloud systems. Matthew has developed systems across many industries and technologies including manufacturing and industrial, cutting-edge consumer electronics, and automotive. Matthew has a BSc in Computing and Real-Time Computer Systems from the University of Gloucestershire in the UK.