Information Technology and Ethics/Privacy and The Internet of Things
In this chapter, we are discussing the concept of privacy and cybersecurity. In this section, we are focusing on a few technologies that have proven to introduce privacy concerns with the consumers. We are going to talk about privacy and the Internet of Things (IoT). The internet of things is a new technology that allows people to connect many of their devices together; it can make the user experience much more fulfilling, but it also can illustrate security and privacy issues.
We will discuss the background of IoT, which will include how it started? When did it start? Who is the creator/s of this technology? Why is it appealing to consumers? We also are going to mention a case where IoT became a security and privacy liability for the consumers. As mentioned before, this chapter focuses mainly on privacy issues with IoT, so you might find that we are focusing on privacy more than security in the upcoming sections.
Privacy in IoT DevicesEdit
Many different definitions try to explain: what is the Internet of Things (IoT)? I believe that companies try to explain their product that includes the capabilities of the Internet of Things which makes it harder for regular users to understand the fundamental or original meaning of the term. The most generic and yet descriptive definition of the term is one that can explain the concept to the consumer, so here is a definition: multiple devices that can communicate with each other via an established connection which can be WIFI, Bluetooth, the internet, and much more. These devices can range from wearables to smart-home systems, either way, the data collected by those devices are sent to a cloud service or program to be processed and logged. This service was created to make people’s usage data available and readable by the users themselves without having to communicate with a company to obtain the data.
The term “Internet of Things” started in 1999 when a supply chain optimization worker at Procter & Gamble wanted to intrigue the executives of the company with new technology. Kevin Ashton wanted to present the RFID technology to the senior executives at Procter & Gamble, however, titling his presentation “RFID” would be dull and more importantly, it would not attract the attention of a lot of people, so instead he titled his presentation “Internet of Things”. Ashton thought that because the Internet attracted huge attention in the 1900s then, to intrigue people he had to use the most discussed topic at that time which was the Internet; and since RFID mainly identifies and tracks tags attached to different objects, the “things” part of the title made sense to Ashton.
However, the term was not recognized widely until the early 2000s, specifically in 2010, when people got the idea that Google was moving toward indexing the physical world because the company stored a large amount of data pertaining to people’s WIFI network usage. Also in 2010, the Chinese government announced that they are making the Internet of Things a strategic priority in their five-year plan for the future of the country. Afterward, many companies started to adopt the name and mention it in their lists of upcoming projects, workshops, and inventions. And finally, famous technological conferences including LeWeb and Consumer Electronics Show (CES) started adopting the theme of “Internet of Things” as they marketed for their events, which increased the overall curiosity and knowledge about the term.
We have mentioned before the definition of the term IoT and inside that definition, we said that the services provided by IoT were made to ease the process of obtaining the usage data by the clients who are using the services. However, these capabilities are also the reason that most, if not all, IoT devices have privacy issues. It is fair to assume that most of our current devices can be hacked because of the excessive use of the internet as well as the day to day development of technologies.
The IoT devices are not different from your computers, phones, cars, etc. all of these devices are made to enable people to communicate with each other using the internet or programs; the same thing applies to IoT devices. IoT devices include hardware, software, and communication capabilities which makes them as vulnerable as any of your other electronic devices. This begs the question: are IoT devices secure from outsiders? The simple answer is “No”. Here is why: because if you have access to the device settings it means that if the device was entered by an unauthorized person, they will have the same capabilities as you do, which in turn means that they can access the same video, audio, pictures, passwords, and any other information stored in the device or were generated by the device.
Demonstrations of IoT privacy IssuesEdit
Most users hear about phishing emails and links that can infect their phones when they are activated, but not many users are wary when it comes to their TVs. Smart TVs have been proven to be hackable ever since the CIA in 2014 gave their engineers documentation that included an exploit in Samsung F-series smart TVs. The specific exploit mentioned in the CIA documents explained that a person needs to have access to the smart TV in order to plug a USB drive to dump the information saved in the television, as well as, download a malicious code that includes, key-loggers, visual controls, and audio controls. The previously mentioned capabilities of the malicious codes can be used to spy on people very effectively, after all the largest screen and camera view in most houses is the television screen.
Years later in Defcon27, an independent security researcher named Pedro Cabrera illustrated a more advanced method to hack a smart TV. Cabrera used a drone that had an antenna attached to it and his laptop to hijack the TV network providers signal and make the smart television podcast whatever Cabrera wanted to podcast. According to Cabrera, as long as the signal podcasting from his drone antenna is stronger than the signal podcasting from the network provider, he can hijack the signal, therefore get access to the targeted smart television. One easy way to make the signal of the drone antenna stronger is placing the drone near the TV, by near the TV we mean on the rooftop or close to a window, either way, the signal from the drone antenna will be stronger because the drone is closer to the target’s house.
Also, in recent years, many users became aware that most devices and institutions do not ask for passwords over the phones or through emails. However, since most users purchase smart television because of the increased quality and not the advanced technological capabilities, they do not comprehend the idea that televisions should be treated with carefulness just like phones and laptops. Another hack that addresses this particular issue was also illustrated in Defcon27 when Cabrera showed that he can make a popping window appear on the TV asking the user to reenter the WIFI information because the network provider made an update. What makes this popping window look legitimate is the fact that the feed stops, and the user cannot continue watching unless they enter the information request by the hacker.
The Internet of Things is a very helpful technology, however, a few security and privacy concerns are accompanying this technology. The demonstration we talked about included smart televisions only, but there are many more. In general, all IoT devices have the same kinds of vulnerabilities. The fact that all IoT devices are vulnerable means that their adoption by the public will be slow because most people value their privacy and security. Having said that, there are ways to secure those devices and one of the most discussed solution is implementing blockchain technology into the Internet of Things device. Blockchain was implemented in cryptocurrency exchange which proved successful; the fact that blockchain was as successful as it is with cryptocurrency exchange makes many researchers and cyber specialists think that it will be beneficial as well with Internet of Things technologies.
- Knud Lasse Lueth, 2014
- Baecker, O., & Jain, S. (2018, June 25). Can blockchain accelerate Internet of Things (IoT) adoption. Retrieved March 24
- Cisomag. (2020, January 10). 10 IoT Security Incidents That Make You Feel Less Secure. Retrieved March 30, 2020
- Greenberg, A. (2019, August 12). Watch a Drone Take Over a Nearby Smart TV. Retrieved March 30, 2020
- Intelligence, I. (2020, January 6). The security and privacy issues that come with the Internet of Things. Retrieved March 30, 2020
- Laidlaw, J., Williams, A., Szczys, M., & Hobson, J. (2017, April 26). smart tv hack. Retrieved February 20, 2020
- Lueth, K. L. (2014, December 19). Why the Internet of Things is called Internet of Things: Definition, history, disambiguation. Retrieved March 29, 2020
- Morrow, S. (2020, March 18). 5 Reasons Privacy and IoT Are Incompatible. Retrieved March 30, 2020
- Pan, D. (2019, December 13). 75% of IoT Firms Want to Add Blockchain: Survey. Retrieved March 28, 2020
- Pauw, C. (2019, February 14). How Significant Is Blockchain in Internet of Things? Retrieved March 20, 2020
- PentaSECURITY. (2019, November 26). Top 5 Shocking IoT Security Breaches of 2019: Penta Security. Retrieved February 14, 2020