Categories:   All Categories
Suggested keywords
x
  Print

Not So Smart Home Security Threats By Paul Walker

Here is a warning that we should acknowledge, regarding the so-called Internet of Things, as applied to “smart homes,” regarding security threats. These devices include smartphones, smart TVs, virtual assistants, and CCTV cameras, which are equipped with cameras, microphones, and other sensors that can detect what is happening in your home, which is indeed their very point regarding security. One needs to know if some crook has broken into the home and is now stealing one’s treasures.

But, can one trust the IT firms, and indeed, the IT itself, and who can access the data, and is there any potential for abuse? The study referenced below indicates that there is such a threat: “Analyzing the data collected by IoT Inspector, we found evidence of IoT devices inadvertently exposing at least one PII (Personally Identifiable Information), like unique hardware address (MAC), UUID, or unique device names, in thousands of real-world smart homes,” “Any single PII is useful for identifying a household, but combining all three of them together makes a house very unique and easily identifiable. For comparison, if a person is fingerprinted using the simplest browser fingerprinting technique, they are as unique as one in 1,500 people. If a smart home with all three types of identifiers is fingerprinted, it is as unique as one in 1.12 million smart homes.”

 

Should one therefore go the way of a smart home if one has the money? For most of us, just paying for groceries is the big thing, and we do not have anything worth stealing, so it is not much of a problem. Security cameras are a good safety measure for some neighbourhoods. As for going the full Internet of Things, as with all IT issues, it will be a complex balancing act for each individual, with no one size fits all solution. Perhaps some aspects of the Internet of Things could be adopted without raising privacy issues in the home.

https://studyfinds.org/smart-homes-security-threats/

 

“International researchers are issuing a dire warning of security and privacy concerns lurking within smart homes. Led by IMDEA Networks and Northeastern University, scientists were able to demonstrate a variety of security and privacy threats due to the local network interactions of Internet of Things (IoT) devices and mobile apps.

As smart homes continue to evolve, they encompass a wide array of consumer-focused IoT devices, including smartphones, smart TVs, virtual assistants, and CCTV cameras. These devices come equipped with cameras, microphones, and various sensors that can perceive activities within our most intimate spaces – our homes. However, can we truly trust these devices to handle and safeguard the sensitive data they collect?

“When we think of what happens between the walls of our homes, we think of it as a trusted, private place. In reality, we find that smart devices in our homes are piercing that veil of trust and privacy — in ways that allow nearly any company to learn what devices are in your home, to know when you are home, and learn where your home is,” says David Choffnes, associate professor of computer science and executive director of the Cybersecurity and Privacy Institute at Northeastern University, in a media release. “These behaviors are generally not disclosed to consumers, and there is a need for better protections in the home.”

Alarming Findings On ‘Smart Home’ Tech

For the study, researchers delved into the intricacies of local network interactions among 93 IoT devices and mobile apps and were able to unveil numerous previously undisclosed security and privacy concerns with real-world implications.

Contrary to the common perception that local networks are secure environments, the study highlights new threats linked to the inadvertent exposure of sensitive data by IoT devices within local networks using standard protocols like UPnP or mDNS. These threats include the revelation of unique device names, UUIDs (Universally Unique Identifiers), and even the geographic location of households. These can be exploited by companies involved in surveillance capitalism without the users’ knowledge.

“Analyzing the data collected by IoT Inspector, we found evidence of IoT devices inadvertently exposing at least one PII (Personally Identifiable Information), like unique hardware address (MAC), UUID, or unique device names, in thousands of real world smart homes,” explains study co-author Vijay Prakash, PhD student from the New York University Tandon School of Engineering. “Any single PII is useful for identifying a household, but combining all three of them together makes a house very unique and easily identifiable. For comparison, if a person is fingerprinted using the simplest browser fingerprinting technique, they are as unique as one in 1,500 people. If a smart home with all three types of identifiers is fingerprinted, it is as unique as one in 1.12 million smart homes.”

The Potent Weapon of Local Network Protocols

The study underscores how local network protocols can serve as side channels to access data that is theoretically protected by mobile app permissions, such as household locations.

“A side channel is a sneaky way of indirectly accessing sensitive data. For example, Android app developers are supposed to request and obtain users’ consent to access data like geolocation,” explains Narseo Vallina-Rodriguez, associate research professor of IMDEA Networks and co-founder of AppCensus. “However, we have shown that certain spyware apps and advertising companies do abuse local network protocols to silently access such sensitive information without any user awareness. All they have to do is kindly asking for it to other IoT devices deployed in the local network using standard protocols like UPnP.”

“Our study shows that the local network protocols used by IoT devices are not sufficiently protected and expose sensitive information about the home and the use we make of the devices,” adds Juan Tapiador, professor at the Universidad Carlos III de Madrid. “This information is being collected in an opaque way and makes it easier to create profiles of our habits or socioeconomic level.”

 

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 10 May 2024

Captcha Image

Other Sites

Categories

Race, Culture, Nation
Constitution and Law
Politicians and Candidates
Health
Genderism
Banking and Finance
Environment, Climate
Agenda 2030
Referenda
Trade Deals and TPP
Elections
About Us

Blog Search

Archive

Support Jar

Do you wish to financially support ongoing work of the
Australian League of Rights?

You can perform a direct bank transfer of your contributions.

Bank Transfer details are:

A/c Title
Australian League of Rights (SA Branch)

BSB 
105-044

A/C No.
188-040-840

 

Email the ALOR Head Office

THE LEAGUE’S FREEDOM CAMPAIGN

No political movement can exist in a moral vacuum, and Australians have traditionally accepted that it is the Christian Faith that generated our heritage of representative government. While the League maintains a small full-time staff primarily motivated by Christian service, it is the extensive network of volunteers from all walks of life who form the backbone of the Movement.

The League of Rights seeks to help create a body of dedicated men and women who serve not for their own material gain, but as custodians of those truths and values which must form the basis of all successful efforts to defeat the enemies of human dignity and freedom.

The League encourages and equips individuals to independently exercise their own initiative in the service of freedom.

 

All Political Comment Authorised by
Arnis J Luks
13 Carsten Court, Happy Valley, SA.