Is Your Home Giving Away Your Secrets?

With an increasing number of companies providing consumers with their smart home products and related services, smart homes are quickly becoming the norm. This trend is likely to continue in the future, as more people are realizing the benefits of having a smart home.

Source: UR.se

Making a home smarter with sensing technologies can seem like a good idea, but it also gives attackers an opportunity to break into your devices and steal your personal data. This could be a problem for you and your family if you have smart devices in your home without having configured them properly or regularly updated them.

In a televised public lecture, I discuss the smart home, its privacy risks, and what can be done to secure the contemporary home. Here is the link to the full lecture: https://urplay.se/program/228807-ur-samtiden-malmoforskare-forelaser-avslojar-ditt-hem-dina-hemligheter

The Importance of Information Ethics in the Digital Age

Over the years, the world has witnessed a technological evolution that has resulted in the World Wide Web becoming a location where information about individuals is acquired and spread. Information ethics is a subset of ethics that investigates the impact of information technology on society. It draws on a variety of fields, including philosophy, law, and computer science. Information ethics seeks to assist us in thinking about how we, as individuals, companies, governments, and societies, think about information: what it is, where it comes from, and how we use it. With the rapid rise of ubiquitous computing and networks, it is becoming an increasingly essential topic of research.

As our world gets more interconnected, individuals must make more responsible decisions about how they acquire, use, and share information with others. Making these decisions can be challenging at times, especially when there is little information available to assist us in deciding what is acceptable and what is not. If one’s actions or inactions have the potential to cause harm to others, one should be held accountable. Information ethics looks at what is right and wrong in relation to information systems. But where can we find these rules, and how can we apply them to the Internet, particularly to the Internet of Things, where certain key decisions are made automatically by machines?

This is a topic that I have been researching for the past few months. I was also able to publish a paper on this topic. If you are a scholar or are simply interested in exploring ethics, I recommend reading the book “Ethics & Technology: Controversies, Questions, and Strategies for Ethical Computing” by Herman T. Tavani.

Special Issue on Privacy and Trust

We are guest editing a Special Issue on Privacy and Trust in IoT-Based Smart Homes and Buildings, and would like to personally invite you to contribute a paper.

For this Special Issue we are looking for high-quality original contributions including, but not limited to, the topical areas listed below:

  • Novel architectures, concepts, and models for trustworthy smart homes and smart buildings;
  • Privacy-enhancing and transparency-enhancing technologies for smart homes and smart buildings;
  • Privacy-by-design mechanisms for smart homes and buildings;
  • Vulnerability discovery and analysis for smart homes and buildings;
  • Threat modeling and risk assessment for smart homes and buildings;
  • Attack and attacker simulation for smart homes and buildings;
  • Trust and identity management for smart homes and buildings;
  • Access control models for smart homes and buildings;
  • Human factors in privacy and security of smart homes and buildings.

Please spread the word!

More info: https://www.mdpi.com/journal/sensors/special_issues/PT_SM

Password reuse in different smart home products

Researchers from Ben-Gurion University of the Negev have found that smart home devices can be easily hacked and then used to spy on their users. Omer Shwartz et al. in their research paper analysed the practical security level of 16 popular IoT devices ranging from high-end to low-end manufacturers.

Amongst other things, they discovered that similar products under different brands share the same common default passwords. In some instances, the authors claimed that such passwords were found within minutes and sometimes simply by a web search for the brand. Devices in their study included baby monitors, home security and web cameras, doorbells, and thermostats. Using such devices in their lab, they were then able to, for example, play loud music through a baby monitor, turn off a thermostat, and turn on a camera remotely.

As I discussed today in my PerCom’18 presentation in Greece, manufacturers should avoid using easy, hard-coded passwords, and should be held more accountable for their products and services. At the same time, as a countermeasure, the end user should try to change default passwords or disable privileged accounts on the device. Ultimately, though, security should never be an afterthought; it should be built in from the beginning of the development lifecycle.

In our work, we have identified hundreds of insecure smart connected cameras deployed on the Internet in different places in the world. Similarly, we observed that most of the vendors left their default passwords inside the devices, or had banner information with sensitive data, e.g., firmware version, port numbers, and manufacturer names, that can be used to compromise the security and privacy of householders, business owners, and more.
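
A householder can check their own devices for the two weaknesses described above: one password shared across products from different brands, and service banners that disclose firmware or product details. The following is an added example, not code from the research discussed here; the inventory, device names, banner strings and regular expressions are all constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed inventory of devices you own: brand, the password currently set
# on the device, and the service banner it returns on the local network.
INVENTORY = [
    {"name": "nursery-monitor", "brand": "BrandA", "password": "example-default-1",
     "banner": "Server: ExampleCam httpd\r\nX-Firmware: v1.0.3\r\n"},
    {"name": "porch-camera", "brand": "BrandB", "password": "example-default-1",
     "banner": "220 ExampleVendor FTP ready (model EX-200, fw 2.4.1)\r\n"},
    {"name": "thermostat", "brand": "BrandC", "password": "T7#long-unique-passphrase",
     "banner": "HTTP/1.1 401 Unauthorized\r\n"},
]

# Illustrative patterns (assumptions) for banner fields that identify the
# firmware version, the model, or the server product.
LEAK_PATTERNS = {
    "firmware_version": re.compile(r"(?:firmware|fw)\W{0,3}v?\d+(?:\.\d+)+", re.I),
    "model": re.compile(r"\bmodel\s+[\w-]+", re.I),
    "server_product": re.compile(r"^Server:\s*\S+", re.I | re.M),
}

def banner_leaks(banner):
    """Return the sorted names of sensitive fields a banner discloses."""
    return sorted(k for k, rx in LEAK_PATTERNS.items() if rx.search(banner))

def shared_credentials(devices):
    """Group devices of different brands that carry the same password."""
    groups = defaultdict(list)
    for d in devices:
        # Compare digests so the report never contains the password itself.
        digest = hashlib.sha256(d["password"].encode()).hexdigest()
        groups[digest].append(d)
    return [sorted(d["name"] for d in g) for g in groups.values()
            if len({d["brand"] for d in g}) > 1]

def audit(devices):
    """Summarise banner disclosures and cross-brand password reuse."""
    findings = {d["name"]: banner_leaks(d["banner"]) for d in devices}
    return {"banner_leaks": {n: f for n, f in findings.items() if f},
            "shared_credentials": shared_credentials(devices)}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Devices that appear under `shared_credentials` should each get a unique password, and devices listed under `banner_leaks` are candidates for disabling the exposed service or moving it off any Internet-reachable interface.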