|The cases of smartphones and smart home virtual assistants such as Amazon Echo or Google Home leaking user data have made headlines and brought to light issues regarding privacy and security / Photo by: Ivan Kruk via 123RF|
The cases of smartphones and smart home virtual assistants such as Amazon Echo or Google Home leaking user data have made headlines and brought to light issues regarding privacy and security, according to Nicole Lindsey of CPO Magazine, a data protection and cybersecurity magazine.
As for IoT, get ready to hear stories surrounding how other smart devices like smart TVs and connected appliances are tracking and leaking your data. Scared? You should be. There are new studies that shed light on IoT’s privacy issues. You might encounter these issues when you’re streaming Netflix, watching from a smart TV, or interacting with any of your smart home devices.
IoT’s Privacy Issues
Recent studies have unearthed some ways that IoT devices can compromise their user’s privacy.
1. Smart Devices Share Personal Data to Third Parties
The study was a joint academic collaboration between Northeastern University and Imperial College London. Jingjing Ren and colleagues analyzed the data-sharing activities of 81 different smart devices commonly found in people’s homes including smart audio speakers, smart TVs, and video doorbells. The researchers performed 34,586 experiments to gauge how much data the aforementioned devices were collecting, storing, and sharing.
The team found that 72 of the 81 IoT devices shared personal data with third parties. Surprisingly, the third parties were in no way related to the original manufacturer. The data shared included basic information about the device being used. Alarmingly, the data also included device specifications, IP addresses, location data, and user habits.
Who were these third parties? Tech giants like Google, Amazon, and Akamai. The reason? It’s because they are the ones providing the Wi-Fi, internet networking, or cloud storage functionality to IoT devices. Thus, you should be alarmed about how your personal data is being collected and shared with third parties. The study illustrated how IoT devices are operating these days without taking into account privacy or security issues.
2. Your Smart TV’s Privacy Issues
Research by Hooman Mahojeri Moghaddam and colleagues from Princeton University and Chicago also tackled IoT privacy issues. This time, they focused on smart TVs and internet streaming devices. They found that 89 percent of Amazon Fire TV channels and 69 percent of Roku channels collected information about viewing preferences and habits. The authors used IoT Inspector, an open-source tool, to find out “what type of data was being shared” and additionally, to track where this data was being sent.
Interestingly, Geoffrey A. Fowler of Washington-based newspaper The Washington Post conducted an unofficial experiment to figure out how much a smart TV is carrying out tracking and monitoring on a daily basis. He also used the IoT Inspector for his experiment. Fowler concluded that the “smart pixels” on your TV screen was capturing “about what was being watched” and where. Then, the information was transmitted to third party IP addresses.
Notably, smart TVs from Samsung, LG, and Vizio were not only capturing “smart pixels.” They were also taking snapshots of the screen and sending that information to third parties. Creepy!
|Notably, smart TVs from Samsung, LG, and Vizio were not only capturing “smart pixels.” They were also taking snapshots of the screen and sending that information to third parties / Photo by: Andriy Popov via 123RF|
Insights on IoT and Privacy
The question here is how your information and data are being used. If these are used for personalizing and customizing your experience, then that’s understandable. For example, data about which devices are used to watch and stream content might help Netflix improve the quality of its streams.
On the other hand, IoT privacy experts have the right to be alarmed about the findings of the above-mentioned studies. They say that your personal data being “leaked” from your devices at home is used to “create sophisticated profiles of users.” It’s troubling because some of these data contain personally identifiable information such as your location, unique device information, and social media data.
This data can be used to figure out the identity of users. For advertisers, they have struck gold. Advertisers will then use the data they extracted to concoct the perfect ad for their users.
|The question here is how your information and data are being used. If these are used for personalizing and customizing your experience, then that’s understandable / Photo by: Vasin Leenanuruksa via 123RF|
Security Is a Top Priority for IoT
Michael Baxter of Information Age, a platform dedicated to publishing general intelligence for technologists, interviewed Ciklum’s IoT technical lead Dr. Yevhenii Karpliuk about IoT privacy. According to Karpliuk, “There is not enough attention being paid to privacy and security.” IoT and connectivity are growing. Hence, more potential vulnerabilities may occur if no security strategy was formulated during the design phase.
In the early phases, design and development must include security features to make IoT solutions more secure. IoT solutions must also enable data protection. Since IoT systems are distributed, it is essential to implement unified and well-designed security guidelines that allow encryption on “transport layer, security keys, and certificates generation, distribution and validation,” Karpliuk added.
New security breaches may be introduced if integrated with third party services. Therefore, it is essential to check that all components abide by security principles and guidelines. As for data generated from IoT devices, it will only bring value if it’s subjected to analysis.
IoT device manufacturers and service providers must prioritize security and privacy to ease the worries of users. We’ve had enough of stories of personal data being leaked out in the open. Thus, it is up to IoT experts to safeguard that information from security breaches.