User:Theedataenthusiast/sandbox

Internet of Things (IoT) devices refer to the devices that we use everyday that can connect to the internet. This is done without requiring human to human communication or human to computer interaction. These devices include fitness trackers, thermostats, locks, smart watches, pacemakers, speakers and much more. An example of IoT devices include Amazon Alexa and iOS Siri. These devices connect and communicate in many ways. For example, these devices can listen, communicate and perform in many ways. Today, you can speak into your bluetooth operating speaker named Alexa and ask her to play your favorite song. You can also ask Siri to call your mom without unlocking your cellular device. The features and benefits of these products are ultimately to make life easier for us. As these devices become a huge part of our daily lives, the more data these devices will carry. The problem is, these devices share data with third party users.

As IoT devices continue to be used by consumers, cyber attackers will continue to use the DDoS attack to gain information about individuals. Because many IoT Devices are usually shipped with default passwords and not changed after being received, many of these devices are hacked using a DDoS attack called the Mirai botnet. This malware was able to access the devices using username and passwords. Using this information, cyberattackers can use the information from these IoT devices as a weapon. IoT devices are sensitive to hackers and easy to use the information to monitor users’ daily activities.

A recent vulnerability exposure as a result of a security threat on an IoT device was through the use of FitBit. Many joggers and runners use devices such as Fitbit to track their running. These devices often have third party companies that have access to their data. Many users of FitBit are military personnel. The data FitBit collected exposed a secret military base abroad. This exposure put our military personnel abroad at risk because not only were their running routes exposed, but the base where they resided was also made public to everyone including our adversaries. Another threat is the fact that IoT devices also collect information including our IP address. Our IP address can be used to pinpoint our residential address. This can result in home invasions, especially if you are using IoT devices in your security systems. Because many cars use IoT devices, the lack of encryption can cause your car to get hijacked remotely.

The data collected by IoT devices is a security threat because it leads to major consumers being targets and victims of kidnapping, sex trafficking and more. Because IoT devices are mostly wearable and portable, these devices follow consumers to their home, place of work, car as well as other places they may go to socialize. When one goes to another home to visit with these devices, their voices, image as well as actions will also be recorded and sent to third parties. For example, if you look around during a corporate meeting, it is highly likely that at least one person has apple watches or some sort of smart watch on their wrist. Although the individual may not be actively using their watch, their watch is still working to pick up their voices to complete a task. This puts the privacy of the corporation at risk because the data is constantly being recorded and sent over to third parties in order for the IoT device to perform its task.

IoT devices are products with high demand and high usage. The features and benefits that these devices provide also increases vulnerability to threats and attacks affecting user privacy. Because of the vulnerability of these devices, it is very likely that there are people who have the potential to access our data and privacy without proper authorization. Regulations on IoT devices would have a high effect on the threats posed by these devices. These regulations can include legislation that will help monitor what kind of data is being shared, how the data is being shared and most importantly who the data is being shared with. Regulations will also monitor our data and privacy and hold primary and third parties responsible in case of a breach and other threats as a result of the use of IoT devices. Because of the expected increase of usage on these devices in the next 3-5 years as well their vulnerabilities to hackers, it is imperative that our country pass legislation to regulate IoT devices in order to protect our nation’s privacy and data. IoT devices collect information that is shared. Users do not control how the information is collected and shared. The information stored on IoT devices are shared with third parties. There is no regulation on what these third parties do with the information and how much information they can keep or use. However, IoT devices make it hard to regulate privacy and data laws. Because IoT devices are available in many places and different regions have different laws, it is difficult to regulate privacy and data laws.

Overall, although IoT devices are introduced to make our lives easier, it is also putting our lives at risk. With the potential increase of usage of these devices in the near future and their vulnerabilities to cyberattacks, cyber attackers have the ability to hack into these devices that are in our homes, offices and other private spaces. It is important to regulate these devices before our country’s data falls into the wrong hands. Cybercriminals will continue to use DDoS attacks on IoT devices. These attacks can be used to gain information from the devices. The information from these devices can be used as a weapon or blackmail as a result of the hackers gaining information to one’s private life, work life or moreover, their lifestyle. The vulnerabilities that expose our privacy and data can lead to National Security issues which is why it is imperative that our country pass legislation to regulate IoT devices in order to protect our nation’s privacy and data. I also believe that it is important the manufacturers develop these devices carefully. IoT devices should be updated and regulated daily to reduce vulnerability. Manufacturers should also notify customers to change their default username and password when they receive the device. They should also encourage password changes daily. It should also be mandatory for every consumer to read the privacy policy of the devices as well as change their device settings. Consumers also have the responsibility of being careful with how much data they share with these devices and the threat it can pose to their safety. IoT devices were introduced with the intention to make things easier for us, however, with all these risks, it is important to take a step back and understand how these devices threaten our privacy and security.

References

Joshi, Naveen., “8 Types of Security Threats to IoT.” Alerin, May 22, 2019,

https://www.allerin.com/blog/8-types-of-security-threats-to-iot

Harper,Angelina, “10 Biggest Security Challenges for IoT.” Peerbits, https://www.peerbits.com/blog/biggest-iot-security-challenges.html

Finance Monthly, “The Worst and Weirdest IoT Hacks of All Times” Finance Monthly, September 5,2019 https://www.finance-monthly.com/2019/09/the-worst-and-weirdest-iot-hacks-of-all-times/

Fisher, Sharon., “Internet of Things Security Risks.” Avast, December 9, 2019

https://www.avast.com/c-iot-security-risks

Meneghello, F., Calore, M., Zucchetto, D., Polese, M., & Zanella, A. (2019). IoT: Internet of threats? A survey of practical security vulnerabilities in real IoT devices. IEEE Internet of Things Journal, 6(5), 8182-8201

Sly, Liz, “US Soldiers Are Revealing Sensitive and Dangerous Information By Jogging” The Washington Post, January 29, 2018,

https://www.washingtonpost.com/world/a-map-showing-the-users-of-fitness-devices-lets-the-world-see-where-us-soldiers-are-and-what-they-are-doing/2018/01/28/86915662-0441-11e8-aa61-f3391373867e_story.html

Xiao, L., Wan, X., Lu, X., Zhang, Y., & Wu, D. (2018). IoT security techniques based on machine learning: How do IoT devices use AI to enhance security?. IEEE Signal Processing Magazine, 35(5), 41-49.

Xu, T., Wendt, J. B., & Potkonjak, M. (2014, November). Security of IoT systems: Design challenges and opportunities. In 2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD) (pp. 417-423). IEEE.