Executive Position Job Order  |  Executive Candidate Registration
Global Executive Search Recruiting Firm

The Internet of Things: New Project Inspects IoT Devices for Data Misbehavior
- Executive Leadership Articles

RMA - Global Executive Search Recruiting Firm Solutions - Executive Search Recruiting Solutions Career Center - Executive Search Resources For Employers & Job Seekers Employers & Hiring Professionals - RMA Is Your Source For Top Executive Candidates Job Seekers & Executive Candidates - Your New Career Begins Here! Industry Expertise - Executive Search Recruiting Expertise In 30 Industries Company - Over 20 Years of Executive Search Recruiting Experience News & Articles - Executive Search Recruiting News & Articles Contact RMA - The Trusted Executive Search Recruiting Firm
Your Source For Top Executive Candidates
News & Articles »
News & Articles
Executive Search Firm News
Executive Leadership Articles
Follow RMA On Google+
Follow RMA On Facebook
Follow RMA On Twitter
News & Articles - Executive Search Recruiting News & Articles
The Internet of Things: New Project Inspects IoT Devices for Data Misbehavior - Executive Leadership Articles

The Internet of Things: New Project Inspects IoT Devices for Data Misbehavior

Executive Leadership Articles

The Internet of Things: New Project Inspects IoT Devices for Data Misbehavior

Last week, researchers at Princeton University announced their project to inspect smart devices for vulnerabilities to privacy risk, data mismanagement, and malicious hacking. Titling it the IoT Inspector, the project sheds light on the way our most popular devices may not be secure, or are sharing data with third parties we haven’t been informed of.

We’ve already been aware of these vulnerabilities, at least ever since the Mirai botnet attack, which used smart devices such as lightbulbs and security cameras to launch a distributed denial of service (DDoS) attack against the internet’s switchboards, slowing down the world’s most popular websites and mobile apps, including Twitter, Amazon, and Netflix. However, beyond this sneaky yet predictable risk, our devices put us in positions of vulnerability in much sneakier ways, which the IoT Inspector reveals in four broad findings.

Finding #1: Many IoT devices lack basic encryption and authentication

And by “basic,” we’re talking about the easiest to implement, universally accepted first levels of of security, such as HTTPS and SSL, two protocols we use every day if we do any shopping, banking, or bill-paying on line. This failure to implement such safety measures violates every best-practices list published in this still-new standardization space. A smart blood-pressure monitor was found to communicate, unencrypted, the brand of monitor and the words “blood pressure,” in a manner that even a snoop with the most basic tools could see. Just by observing your internet use, this snoop would know not only that you’re monitoring your blood pressure, but how often and when you’re doing it.

That’s none of anyone’s business but largely harmless, perhaps, but combined with other information about you, detected through your use of other smart devices, someone with malicious intent could leverage this knowledge against you or someone in your home. As another example, “None of the toys we studied used HTTPS or SSL when communicating with manufacturer-owned servers,” say the authors. “One toy lacked authentication for user profile pictures. An eavesdropper could record or replay device communications to obtain profile photos.”

Finding #2: User behavior can be inferred from encrypted IoT device traffic

Even when the data is encrypted or safely authenticated, someone observing your home network can make inferences simply based the unread data as it passes among your devices. A snoop can identify the type of devices devices on your network by their MAC addresses or DNS requests (that is, simply by seeing what servers your devices are contacting). Combine that with the spikes in data traffic, and someone can use the traffic in your network to determine your sleep patterns, if you use a sleep monitor, or when you go to bed and wake up, if you use security cameras.

It should be emphasized that this kind of vulnerability doesn’t even have to do with the security of the devices or the due diligence by manufacturers. If someone can spy on your network, simply looking at the way the data is moving can reveal something about your habits.

Finding #3: Many IoT devices contact a large and diverse set of third parties

This is perhaps the most alarming finding. Along with other examples, the researchers share that a Samsung Smart TV, during its first minute after power-on, communicates with Google Play, Double Click (an ad service), Netflix, FandangoNOW, Spotify, CBS, MSNBC, NFL, Deezer, and Facebook—even though the researchers did not sign in or create accounts with any of them. Of course, a lot of this makes sense. In order to be easy to use, we expect this functionality to be at the ready: nobody wants to install Spotify on a television. We all just want it to be standing by. But does the manufacturer warn us of each of these services, and what they does with it?

In many cases, contacting these third-party servers simply enables the devices to function as required, allowing the actual communications that make them run, or permitting them to operate on time as programmed. Still, this is data being shared with an entity without our being aware of it.

Add to this startling opacity the uncertainty we have with how these third parties use our data and how secure it is, and we’re now multiplying our vulnerabilities by a concerning number of factors. At the very least, whether we’re comfortable with this amount of sharing or not, perhaps we’re entitled to knowing what’s being shared and with whom.

Finding #4: Smart home device traffic is predictable, facilitating anomaly detection

It’s not all bad news. The report finds that traffic in a smart home is predictable. This makes pretty good sense. A smart garage-door opener, for example, in rare instances might be activated a few times within a few minutes, but if it’s sending data constantly for an hour or more, chances are it isn’t functioning the way you intend, making it a likely victim of malware and possible participant in (worst-case scenario) a DDoS attack.

Because network behavior is predictable, an in-network device or service “should be able to automatically detect misbehaving devices and notify their users that their devices have been compromised.” The research team is experimenting with application of this idea, suggesting that a router itself or some other device placed between the router and the devices could do the job.

“Help our research”

The IoT Inspector project is asking for consumers’ input in which devices to inspect. The link below will take you to the project’s home, which explains the project and links to a form, asking users to suggest a device they own or are thinking of adding to their home.

Additionally, the project plans to release an open-source tool that lets users inspect IoT devices on their own. Sign-ups for the waitlist ask for an email address.

Reference links:
Announcing the IoT Inspector: https://freedom-to-tinker.com/2018/04/23/announcing-iot-inspector-a-tool-to-study-smart-home-iot-device-behavior

IoT Inspector Project Home: https://iot-inspector.princeton.edu


RMA® Executive Search Recruiting Firm Locations:

United States & Canada:   Europe, Asia & Pacific:
  • Bangkok, Thailand
  • Beijing, China
  • Berlin, Germany
  • Hong Kong, China
  • Kuala Lumpur, Malaysia
  • London, England
  • Madrid, Spain
  • Melbourne, Australia
  • Moscow, Russia
  • Mumbai, India
  • New Delhi, India
  • Paris, France
  • Prague, Czech Republic
  • Rome, Italy
  • Stockholm, Sweden
  • Sydney, Australia
  • Tokyo, Japan
  • Vienna, Austria
  • Wellington, New Zealand
  • Zurich, Switzerland

The Internet of Things: New Project Inspects IoT Devices for Data Misbehavior - Executive Leadership Articles

RMA Executive Search Recruiting Firm  /  News & Articles  /  Articles  /  Management: Religion In The Office

Start at the Career Center

News & Articles Links: