Jump to content

Information Technology and Ethics/Privacy and The Internet of Things

From Wikibooks, open books for an open world

Introduction

[edit | edit source]

The term ''Internet-of-Things'' is used as an umbrella term for various aspects related to the physical extension of the Internet and the Web through the widespread deployment of spatially distributed devices with embedded identification, sensing, and/or actuation capabilities. The large scale of IoT systems and the high level of heterogeneity are likely to increase the security risks posed by the current Internet, which is being used to enable interactions between humans, machines, and robots in any combination[1].

In this section, we will cover the Internet of Things and privacy problems related to IOT, as well as some of the most common concerns with appropriate examples. We will also discuss a scenario in which IoT became a security and privacy liability for users. As previously stated, this chapter focuses mostly on privacy issues with IoT, thus you may notice that we emphasize privacy rather than security in the next parts.

Privacy in IoT Devices

[edit | edit source]

An IoT system can be thought of as a group of intelligent devices working together to achieve a shared objective. Depending on their target, IoT installations may use different processing and communication architectures, technologies, and design techniques at the technological level. Because of their low computational capacity, traditional security countermeasures and privacy enforcement cannot be effectively applied to IoT technologies; also, the large number of networked devices poses scaling concerns. At the same time, valid security, privacy, and trust models suitable for IoT applications must be defined in order to achieve full user approval. Since devices may handle sensitive information, data protection and user personal information confidentiality must be guaranteed when it comes to privacy regulations.

Individuals' understanding and perception of information privacy differ, and its enforcement necessitates efforts from both government and technology. In an IoT system, data is typically collected by end devices, transferred through communication networks, evaluated by local/remote servers, and finally given to various applications[2]. As a result, confidential data must be safeguarded at all stages of the architecture stack. In this instance, implementing appropriate privacy design strategies based on the functions of the layers in the data lifecycle is crucial. Techniques implemented at a specific layer may become insufficient or redundant otherwise.

Because of its close relationship with the actual world, IoT technology should be designed to be secure and privacy-preserving. This means that security should be seen as a critical system-level attribute and should be considered while designing architectures and procedures for IoT solutions. Privacy governs the conditions under which data pertaining to specific users may be accessed. The key reasons for privacy being a core IoT need are the envisioned IoT application domains and the technologies deployed[3]. Healthcare applications are the most notable application field, with the adoption of IoT technology hampered by a lack of acceptable systems for preserving the privacy of personal and/or sensitive information. This is expected to be a critical prerequisite for securing user acceptability and widespread adoption of the technology. Without guarantees of system-level secrecy, authenticity, and privacy, it is unlikely that critical stakeholders will adopt IoT solutions on a significant scale.

The widespread use of wireless media for data exchange may raise new concerns about privacy violations. Because of their remote access capabilities, wireless channels raise the danger of violation, potentially exposing the system to eavesdropping and fraudulent attacks. As a result, privacy is a serious open problem that may stifle IoT development. The development of real ways for constructing privacy-preserving mechanisms for IoT applications continues to pose various challenges. The definition of a general model capable of representing all IoT essential items and their interactions would aid the development of concrete implementations. Furthermore, the implementations should contain enforcement mechanisms capable of dealing with the volume and dynamic nature of IoT scenarios. To meet these needs, systems that can enforce dynamic data stream access control should be offered.

Common Concerns Relating to IOT and Privacy

[edit | edit source]

Collection of Private Data

[edit | edit source]

The gathering and sharing of individual data without the user's consent is one of the greatest privacy issues with IoT. Numerous IoT devices gather enormous volumes of data, which may reveal sensitive information about a person's interests, lifestyle, and habits. Smart thermostats, door locks, and security cameras are examples of smart home appliances that monitor people's daily activities, sleeping patterns, and home entry and exit times.

Data Security

[edit | edit source]

Another issue is that IoT devices collect and store sensitive data, which can lead to vulnerabilities and privacy risks. As an example, in the event that a smart home device is breached, a hacker might approach essentially everything in a smart home including smartphones, TVs, cameras, and other smart devices.

Lack of control

[edit | edit source]

The absence of user control over their data is one of the most serious privacy concerns with IoT. Devices can gather and send data without the users' knowledge or capacity to regulate what data is collected or transferred. Smart home and fitness trackers, for example, collect data on users' everyday activities and transfer it to third-party firms without their knowledge or agreement.

Third-party sharing

[edit | edit source]

The enormous measure of Data created by IoT devices is routinely shared to third parties without the user consent, raising serious privacy concerns and the risk of data breaches, identity theft, and other privacy violations. In 2019, for example, researchers revealed that Amazon's Ring doorbell, an IoT device, was sharing customers' personal information with third-party analytics organizations without their knowledge.

Demonstrations of IoT privacy Issues

[edit | edit source]

Most consumers are aware of phishing emails and links that might infect their phones when they are activated, but few are concerned about their televisions. Since the CIA supplied their engineers with documentation in 2014 that includes an attack on Samsung F-series smart TVs, smart TVs have been demonstrated to be hackable. According to the CIA documents, the exact vulnerability requires a person to have access to the smart TV to connect to a USB drive and dump the information saved in the television, as well as download malicious programs that contain key-loggers, visual controls, and audio controls. The previously mentioned capabilities of malicious software can be utilized to successfully spy on individuals; after all, the television screen is the largest screen and camera view in most homes.

Years later, in Defcon27, an independent security researcher by the name of Pedro Cabrera showed how to hack a smart TV using a more sophisticated technique. Cabrera hijacked the TV network provider's signal with a drone equipped with an antenna and a laptop, causing the smart television to podcast whatever Cabrera desired. Cabrera claims that as long as the signal from his drone antenna is greater than the signal from the network provider, he can hijack the signal and gain access to the targeted smart television. Placing the drone near the TV, whether on the rooftop or near a window, is an easy approach to boost the signal from the drone antenna. As the drone gets closer to the target house the signal for the drone antenna increases[4].

In addition, many users have become aware in recent years that most gadgets and organizations do not request passwords over the phone or email. However, because most people buy smart televisions for improved quality rather than advanced technological capabilities, they are unaware that televisions, like phones and computers, should be kept with care[5]. Another hack that tackles this issue was demonstrated in Defcon27 by Cabrera, who demonstrated how he can make a popup window appear on the TV asking the user to re-enter the WIFI credentials because the service provider has made an update. The fact that the feed stops and the user cannot continue watching unless they submit the information asked by the hacker make this popup window appear real.

Conclusion

[edit | edit source]

It is important to keep up with adequate security and protection norms to guarantee the real expansion of IoT services. The Internet of Things (IoT) has various security and information assurance challenges. IoT device data gathering, data security, lack of user control, and third-party sharing issues pose severe threats to individuals' privacy rights. Policymakers, organizations, and buyers should resolve these issues to guarantee that IoT devices are made and utilized in a way that respects individuals' protection and autonomy. Only by carefully considering the privacy implications of IoT can we fully realize the transformational promise of this technology while protecting fundamental human rights[6].

References

[edit | edit source]
  1. Khan, Minhaj Ahmad; Salah, Khaled (2018-05-01). "IoT security: Review, blockchain solutions, and open challenges". Future Generation Computer Systems. 82: 395–411. doi:10.1016/j.future.2017.11.022. ISSN 0167-739X.
  2. Sicari, S.; Rizzardi, A.; Grieco, L. A.; Coen-Porisini, A. (2015-01-15). "Security, privacy and trust in Internet of Things: The road ahead". Computer Networks. 76: 146–164. doi:10.1016/j.comnet.2014.11.008. ISSN 1389-1286.
  3. Miorandi, Daniele; Sicari, Sabrina; De Pellegrini, Francesco; Chlamtac, Imrich (2012-09-01). "Internet of things: Vision, applications and research challenges". Ad Hoc Networks. 10 (7): 1497–1516. doi:10.1016/j.adhoc.2012.02.016. ISSN 1570-8705.
  4. Greenberg, A. (2019, August 12). Watch a Drone Take Over a Nearby Smart TV. Retrieved March 30, 2020
  5. Cisomag. (2020, January 10). 10 IoT Security Incidents That Make You Feel Less Secure. Retrieved March 30, 2020
  6. Tsirmpas, Charalampos; Anastasiou, Athanasios; Bountris, Panagiotis; Koutsouris, Dimitris (2015-12). "A New Method for Profile Generation in an Internet of Things Environment: An Application in Ambient-Assisted Living". IEEE Internet of Things Journal. 2 (6): 471–478. doi:10.1109/JIOT.2015.2428307. ISSN 2327-4662. {{cite journal}}: Check date values in: |date= (help)