Internet of Things (IoT) has been an integral aspect of human life. The IOT is available everywhere, monitoring our footsteps, tracking our locations, listening our voice, controlling the driverless car, powering on the smart switches and devices in our homes and offices. These devices have its own vulnerabilities that are open to cyber-attacks and as a result it has placed our privacy at risk.
In a latest privacy experiment by The Washington Post, popular TV brands like Samsung, TCL and LG records what you are watching on the screen and transmit the information to the manufacturers and even to third parties. It is surprisingly enough that many of us are unaware of it as these devices are eavesdropping and transferring our data without our consent.
Some of the common privacy threats are:
Identification: IoT devices are able to store our private data (name, address) and may send this data to manufacturer or even third parties.
Tracking: Many location aware applications record our GPS data, cell phone location or internet traffic from our smart phone or smartwatch we are wearing.
Profiling: IoT devices integrate personal data and user activity like watching movies, listening playlist to create a profile. This profile is then used for targeted advertising and ecommerce.
It is our duty as a consumer to be aware of, whether these devices are collecting and storing our sensitive data. Some of the simple steps that can be taken are:
Do not use default or weak passwords.
Turn off the features that invades our privacy.
Keep software on IoT devices updated.
Delete personal data in device and cloud when you are no longer using it.
Lastly, the ethics and regulation related with IoT system and data privacy should be defined by the concerned bodies. ACSC has already drafted Code of Practice to improve the security of IoT devices in Australia. It is designed for an industry audience and compromises of 13 principles. I would like to take you through these principles in my next blog.