“The S in IoT stands for Security
“The S in IoT stands for Security.” 1
– Melvin Lammert
Figure 1:Illustration of use of IoT devices connected to mobile17
The number of devices connected to internet has already exceeded the number of human beings on earth. This range continues to boom dramatically and is predicted to be between 26 billion and 50 billion by means of 20203.Wearable fitness devices, medical devices connected to internet and health monitoring devices are changing the healthcare services. This devices are very essential and beneficial to people with some disabilities or elderly as well as to sports person for tacking their fitness.
Figure 2:Estimation of the growth in the IoT 17.
The plan of “Smart Cities” in order to low decrease the congestion and energy consumption by use of intelligence traffic system and sensors on roads and bridges. One of the drawback of this increase in IoT device is that the collection and sharing of personal data has increased drastically13. All this things have sensors which senses information, process the collected information or data and communicate with other devices or people over internet. In this process lot of confidential and personal information is handled. There are many issues and challenges in IoT that need to be considered 102.
According to some researchers the IoT is interconnected world of progress, efficiency and opportunity, which is adding lots of value to many industries and the global economy. Others say that the IoT is a sadness to world of privacy and security violations. However, IoT has many concerns as well as challenges that need to be considered and addressed..13Data Security and Privacy could be seen as of one of the key terms in the ethical debate surrounding data and IoT.
What is IoT?
There is no single, unique and universally accepted definition for Internet of Things. Different definition are been provided by different groups to describe their view about Internet of Things. In 2012 the International Telecommunication Union (ITU) defined the Internet of Things as “a global infrastructure for the Information Society, enabling advanced services by interconnecting (physical and virtual) things based on, existing and evolving, interoperable information and communication technologies” (ITU, 2012).
The Oxford Dictionaries 38 offers a concise definition that invokes the Internet as an element of the IoT: Internet of things (noun): The interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.
Figure 3:Inter connectivity used in IoT18
IoT is basically a network of “things” that is physical objects interconnected with sensors, software, electronics and networks connections for communication. IoT offers accuracy, improved efficiency and economics benefit between physical word and computer system; it is achieved by sensing the required information using sensors which is further controlled remotely using networking structure18
Security and Privacy in IoT
Just like every new technologies, IoT is going to have lots of benefits along with new challenges and risk. As IoT is connected to internet and it is type of information and communication technology it is definitely going to have security and privacy concern over the data collected and processed by the devices .Due to very large data generation and handling in IoT, ethics aspect are more complex and demanding. As users of internet and gadgets/devices linked to internet we need to have high level of trust on whatever activities we are doing online are secured enough and there is very low or no risk involved.13If particular device is having some security concerns it would give an entry point for cyber-attack. Taking advantage of this situation, hackers would be able to hack our devices, make programming changes and alter the function of device. Such unsecured and malfunctioning devices would give a rise to security vulnerabilities. According to an article published by ICO,UK (International Commissioner Office), almost 60 of IoT connected devices fails to notify customers about how their information is being used in order to process the function of devices. According to study done by around 25 data protection bodies around the world, considering the communication gap between companies manufacturing IoT devices and customers over the matter of privacy following was the outcome:-
59 of devices didn’t competently explain to customers how their personal data is combined, used and disclosed.
68 failed to properly provide an explanation for how data is saved.
72 failed to adequately explain their customers the way in which their data/information can be deleted.
38 failed to provide the proper information for point of contact if they had any kind of concerns over privacy8
Most systems do not have the ability to lock out accounts after a certain number of failed attempts.
About few years ago, there was discovery of vulnerabilities in the system identified by two researchers, Charlie Miller and Chris Valasek. This vulnerability was found in Jeep Cherokee vehicles and they were able to control many functions related to automobile over the vehicle.. A year after this incident, same two researchers identified another vulnerability in Cherokee vehicles which allow them to control steering, apply brakes and also accelerate the vehicle.
This surprising and unknown fact which was disclosed to users resulted to recall of around 1.4 million vehicles for fixing the problem identified during research. Luckily this attack was not intended to harm anyone. This research demonstrated the danger that will cause if same act is been performed by hackers. This is just an example that would make you think the important of securities in IoT10.
While some experts are saying that the information and data in IoT which we are concerned about is anonymized or pseudonymized. Which means that data is further distributed by removing the sensitive data and personal information, this is done my replacing our private and confidential data with nonhuman readable and irreversible form in order to provide data privacy to users. But, as the Article 29 Working Party has noted, even the data or information obtained by even pseudonymization or anonymization may have to be considered personal data. In a paper published in Science, MIT scientist Yves-Alexandre de Montjoye shows that it is possible to identify individuals’ transactions from anonymous credit card data by applying reverse engineering. Almost 1.1 million people transactions were examined, all the data were “scrub” data- personally identifiable information was removed. 90 of times he successfully manged to recognise the identity of individual using time and location in dataset. He was also able to enhance the precise of identification by adding his knowledge on amount of transaction.12
Data collection and storage by IoT devices is totally invisible to user. We are not aware and even we are to not into position understand the manner in which it is collected. We have been using many of smart gadgets and smart meters in our day to day life. When this devices are connected to internet they are is a state to provide the detailed information of individual’s identity using them, like the usage of particular devices, entertainment habits and also if person is presence or absence in home. This Smart home appliances and applications to which they are connected provide the captured information back to their manufacturers; we are not clear how it is used by manufacturers. We are also unaware about the third parties with whom this information is shared.7In 2014, Irish Times awarded Connected Doll as one of the top toys. Children could experience talking and listening to the doll and play with it. While playing children could talk and ask any questions to the doll when it is connected to an application in mobile through blue-tooth. Using speech recognition technique voice of child is converted into text and further this text is then searched on internet using application on mobile. The result of searched text is again converted to audio and it responds to child. As child interaction with doll is recorded and it is also shared with the third parties concerns was raised towards the data privacy of child. If the blue-tooth connection within mobile and doll is not well established and unsecured hackers would target it and would be able to listen to child and even answer him. There are many toys and IoT devices with security flaws which fail to meet data protection laws. In Dec 2016, there we many complaints lodged over My Friend Cayla doll and i-Que robot for the insecurity reasons in Germany. Bluetooth connection between the doll and mobile was insecure and hacker were able to get control over the doll. This situation were luckily identified by many parents and complaint were filed against it. Later, it was advised to parents for destroying the toy.107
The primary problem of IoT is that since the idea of networking the internet and other objects is new, security and privacy related issues are not considered while product design. Secondly, IoT devices are often sold with outdated software and user do not have any information regarding it. More often users fail to change the default password or even if they change it, they fail to select passwords that are sufficiently strong enough.15.IoT gives new play experience and opportunities to learn many things for children, it also has high level of risk to their security and privacy. Hackers may gain access to their toy and start taking control over it.107 .It is necessary to design connected device in such a way that privacy and security is taken care off along consumer protection law in order to avoid issues related to security and also to avoid additional cost due to re-engineering. 107To improve security of IoT devices there should be a separate into its own network which should be restricted. This separate network should be monitored frequently and if there is any problem identified quick action should be taken15
IoT devices not only track our activities and behaviour, but also our thoughts and emotions20