Latest news with #InternetOfThings
Fast Company
19 hours ago
- Fast Company
How the Internet of Things impacts everyone's privacy
Some unusual witnesses helped convict Alex Murdaugh of the murders of his wife, Maggie, and son, Paul. The first was Bubba, Maggie's yellow Labrador retriever. Prosecutors used a recording of Bubba to place Alex at the site of the murders. Given Alex's presence at the crime scene, other witnesses then revealed his movements, tracked his speed and explained what he had in his hands. Those other witnesses were a 2021 Chevy Suburban and Maggie, Paul and Alex's cellphones, which all provided data. They're all part of the Internet of Things, also known as IoT. The privacy implications of devices connected to the internet are not often the most important consideration in solving a murder case. But outside of criminal prosecution, they affect people's privacy in ways that should give everyone pause. The Internet of Things The Internet of Things includes any object or device that automatically sends and receives data via the internet. When you use your phone to message someone or social media to post something, the sharing is deliberate. But the automatic nature of connected devices effectively cuts humans out of the loop. The data from these devices can reveal a lot about the people who interact with them—and about other people around the devices. As an assistant professor of law at the University of South Carolina, I have watched as new kinds of connected devices have entered the market. New devices mean new ways to collect data about people. Connected devices collect information from different contexts. Take your refrigerator. As a non-IoT device, your fridge generated no data about your kitchen, your food, or how often you peeked inside. Your relationship with the fridge was effectively private. Only you knew about that midnight snack or whether you ogled a coworker's lunch. Now, smart refrigerators can respond to voice commands, show images of the items in your fridge, track who opens it, suggest recipes, generate grocery lists and even contact your car to let you know the milk has expired. All these functions require continuous streams of data. Device data and your privacy Connected devices generate lots of data in contexts that have typically produced little data to make those situations 'legible' to whoever can access the data. In the past, if you wanted to monitor your heart rate, blood oxygenation, sleep patterns, and stress levels, you might have undergone a battery of tests at a hospital. Specialized equipment in a controlled setting would have measured your body and make these parts of you visible to highly trained, licensed professionals. But now, devices such as the Oura Ring track and analyze all that information continuously, in non-health care contexts. Even if you don't mind sharing data with an Internet of Things company, there are privacy risks to using a device like this. In the health care context, a series of rules enforced by several groups make sure that connected equipment and the data the equipment generates have adequate cybersecurity protections. Away from that context, connected devices that perform similar functions don't have to meet the same cybersecurity standards. The U.S. Cyber Trust Mark program, administered by the Federal Communications Commission, is developing cybersecurity standards for Internet of Things devices. But the program is voluntary. In some states, such as Washington, state laws set standards for protecting health data from connected devices. But these laws don't cover all data from all devices in all contexts. This leaves the devices, and the data they generate, particularly vulnerable to unwanted access by hackers. Your inability to control who sees the data that connected devices gather is another privacy risk. It can give advertisers insights about potential customers. Absent a mandated opt-out, each device provider can decide what it does with customer data. Amazon, for example, recently removed the 'Do Not Send Voice Recordings' option from the privacy settings of its popular smart speaker, Alexa. Some connected-device providers participate in data markets, selling your data to the highest bidder. Sometimes those purchasers include government agencies. So, instead of needing a warrant to track your whereabouts or learn about activity in your home, they can purchase or access Internet of Things records. A connected device can also compromise the data privacy of someone who just happens to be nearby. Connected cars Cars have joined the ranks of the Internet of Things. The 2021 Chevy Suburban that helped convict Alex Murdaugh simply tracked information about the vehicle. This included the vehicle's speed, the turning radius of the steering wheel, and time stamps. Most modern vehicles also incorporate data from external sources. GPS data and infotainment systems that connect to cellphones also track the vehicle's movements. All of this data can also be used to track the whereabouts and behavior of drivers and other people in the vehicles. And as vehicles become increasingly automated, they need to make driving decisions in increasingly complex situations. To make safe driving decisions, they need data about the world around them. They need to know the size, speed, and behavior of all the nearby vehicles on the roadway, moment to moment. They need to instantly identify the best way to avoid a pedestrian, cyclist or other object entering the roadway. If you and I are driving in separate cars on the same roadway, it means my car is collecting information about you. And if my vehicle is connected, then data about you is being shared with other cars and car companies. In other words, if a Tesla had been present at the scene of the Murdaugh murders, its outward facing cameras could have captured footage. Bubba's testimony might not have been necessary. Spillover data collection Internet of Things devices generate data from similar situations in a highly structured way. Therefore, what data collectors learn about me from my connected device may also give them insights about someone else in a similar situation. Take smart meters that share information with the water utility every 15 minutes. Imagine a subdivision with a narrow range of house and yard sizes. Water usage should be relatively comparable for each household. Data from even just a couple of houses can give a good sense of what water use should be for everyone in the neighborhood. Without actually collecting data from each house, data from connected devices reveals potentially private information about similarly situated people. Data from IoT devices can also fuel insights into people who never use or make contact with these devices. Aggregated data from Oura Rings, for instance, could contribute to decisions a health insurer makes about you. Connected devices are also changing. In addition to collecting data about the person using the device, a growing number of sensors collect information about the environment around that person. Some of my research has examined what privacy means for people observed by vehicle sensor systems such as radar, lidar, and sonar. These technologies capture potentially very revealing information about people and their property. Even the most comprehensive privacy laws in the United States offer people little recourse for the impact to their privacy. Civilian drones are capable of gathering data about other people. But people observed by drones would have a tough time learning that data about them exists and an even harder time controlling how that information might be used. Meanwhile, artificial intelligence systems are expanding the ways Internet of Things data can affect the privacy of other people by automating the process of training IoT systems. AI chipmaker Nvidia has created a digital environment, or model, where people can upload their connected device data. This environment can help train IoT devices to ' predict the outcomes of the device's interactions with other people,' according to Nvidia. Models like this make it easy for AI devices that you don't own to collect data or reach conclusions about you. In other words, IoT data processed by AI can make inferences about you, rendering you legible to the AI system even before you interact with an IoT device. Looking forward Internet of Things devices and the data they generate are here to stay. As the world becomes increasingly automated, I believe it's important to be more aware of the way connected devices may be affecting people's privacy. The story of how vehicle data combined with cell data in the Murdaugh trial is a case in point. At the start of the trial, prosecutors came ready to show 'phone call logs and texts, steps recorded, apps asking for information, GPS locations, changes when the phone went from vertical portrait mode to horizontal landscape mode and back, and—key to the prosecution's case—when the camera was activated.' But that was probably not enough to merit a conviction. During the trial, GM called and said something like ' oh wait, we found something,' according to the prosecution. That vehicle data, combined with the cellphone data, told a story that Alex Murdaugh could not deny. There are at least two lessons from this story. First, not even GM fully realized all the data it had collected in its vehicles. It's important to be aware of just how much information IoT devices are collecting. Second, combining data from different IoT devices revealed incontestable details of Alex Murdaugh's activities. Away from criminal court, combining data from multiple IoT devices can have a profound effect on people's privacy. If people's data privacy matters, how do we address this reality? One way of potentially protecting people's privacy is to make sure people and communities observed by connected devices have a direct say in what data the devices collect and how the data is used.
Forbes
16-05-2025
- Forbes
FBI Warns About Danger In The Internet Of Things
Internet of things (IOT), devices and connectivity concepts on a network, cloud at center. digital ... More circuit board above global Earth. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, smart televisions and toys. Our homes have become filled with these devices including Alexa and Siri. One device that people hardly give any thought to is your smoke detector. Newer, sophisticated smoke detectors have the capability to send data to your phone or the manufacturer which they do through your router and this makes them vulnerable to being hacked. There has even been a trend in recent years in the sex toy industry to creating sex toys that, through the Internet of Things, connect to smartphones and computers through Bluetooth or Wifi technology that enables the sex toy to be controlled remotely. While this opens new vistas for consenting adults far away from each other, it also opens up frightening new opportunities for hackers. In 2017 Italian researcher Giovanni Mellini published his findings that he was able to remotely hack into and take control of a sex toy described by its manufacturer as "the world's first teledildonic butt plug." The FBI has long warned consumers about the dangers presented by hacking the various devices that make up the Internet of Things. Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also hack into your Internet of Things devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. The risks are extreme, but there are some basic steps you can take to protect yourself. The key to protecting yourself is having a secure router. A router is a networking device that is used to transfer data between your computer and the Internet. Unfortunately,when they first install a router many people don't bother to change the default password on their router and therefore leave themselves extremely vulnerable to hackers who use default passwords which are readily available on the Internet to gain access to the router and the devices connected to it The devices that make up the Internet of Things also come with preset passwords that can easily be discovered by hackers. Change the password as soon as you set up any Internet of Things device. Also, set up a guest network on your router exclusively for your Internet of Things devices. This is important so that you can keep the sensitive personal information you have on your computer or cell phone from being accessible through a hacking of any of your Internet of Things devices. Recently the FBI issued a warning about 13 outdated, end-of-life routers that are no longer supported by their manufacturers with software updates and patches to fix vulnerabilities. Cybercriminals, particularly Chinese cybercriminals, according to the FBI, are exploiting the lack of security of these routers to gain access to your computers and other devices and install malware and make it part of a botnet. Make sure your router will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer's website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices. In addition to replacing end-of-life routers with newer, more secure routers there are other steps you should be taking to provide better security. Disable remote management settings on your routers and make sure you are using a strong password as well as encryption. Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Finally, consider using your router's whitelisting capabilities which will prevent your device from connecting to malicious networks. Blacklisting is how most security software works; blocking malware that has already been identified; however, blacklisting does not protect you from malware exploiting zero day defects vulnerabilities which are vulnerabilities that have not yet been identified. Whitelisting prevents any software that you have not specifically approved from being downloaded through your router on to your computer, thereby providing much enhanced security from harmful malware.
