11 August 2017

IoT In Retail: What Are The Risks?

Improved customer experience, new revenue streams and smarter, automated supply chains are just a handful of the benefits the retail industry can expect from the arrival of the Internet of Things (IoT). The ability to tailor advertising, automate customer discounts on products and create a customer experience uninterrupted by staff, all triggered by walking through the shop door are benefits hard to ignore.

With digital progression comes opportunity, but with new technology comes new risks. It would be too good to be true to jump into a new age of shopper experience without security implications. The message is clear for retailers, maximise early opportunities that IoT offers or get left behind, disrupt or be disrupted. Like any early adoption of new technology, it’s an all too common sight to see implementation with security as an afterthought.

But what do the threats really look like? Below we’ve addressed some of the new technologies to expect, and the possible security implications of each.

+ Contactless Checkouts

We can see with Amazon’s concept shop that a smart shop is their vision of the future.  However, in the same way that after self-service check outs were implemented customers were able to reduce the cost of their shop by being less than honest about what product they were scanning, there is the potential for inventory tracking, smart shelving and contactless checkout systems to be fooled into billing customers the wrong amount for their goods.

+ Smart shelving

Smart shelves give companies a much better ability to track customers and their spending habits.  This will allow them to get a much better picture of what you as a customer are like.  However, with increased understanding comes the potential of customer backlash due to perceived spying.  Unfortunately for those privacy conscious individuals this march of progression is unlikely to relent but companies are getting better at not making people feel uncomfortable with the information they have.

The introduction of RFID systems to provide such functionality as “smart shelves” allows an attacker the chance to communicate with back end systems.  The concept of the smart shelf is to continually scan products on the shelf and communicate with back end systems to restock products, remove incorrectly located items, monitor expiration dates etc. As such it may be possible for an attacker to clone RFID cards and start to manipulate different variables, depending on what actions were taken would impact the output, and without a high level of visibility this would be a largely blind attack however the very existence of a method of communication means there is the potential to be hacked.

+ Inventory tracking across supply chain

The benefits of a smart store provide retailers with details of stock, environment and customers.  This increased efficiency is vital to companies when reviewing profit margins as it allows them to ensure they have the best possible environment for their product – think bright lights and warm temperature for summer clothes or fridges held at the best temperature to ensure products don’t spoil.  However, an increased reliance of technology leads to an increased risk if that technology fails or is tampered with.  IoT devices have historically had very lax security, and while there are numerous initiatives to provide the security needed, they still present potentially easy targets.  Should a thermostat controlling the temperature of a fridge be compromised it could be possible for an attacker to spoil large quantities of food thus impacting company revenue.

As consumers, we’re always seeking the quickest and easiest way of receiving a product, expecting the highest level of customer care in the process, a fact retailers can’t ignore. Early adopters in the retail space are sure to reap the rewards of IoT if implemented with the consideration to cyber security.