The Internet of Everything and digital privacy: what you need to know

Credit to Author: Malwarebytes Labs | Date: Thu, 26 Apr 2018 15:36:00 +0000

If you don’t already own Internet of Things (IoT) devices, you likely will soon. IoT-enabled devices are physical gadgets with built-in Internet connectivity that allow data transmission; often this happens in the background with no indication to the user that anything is happening.

The IoT is more like the Internet of Everything—statistics indicate within the next couple of years, there will be three IoT devices for every adult and child on the planet.

So, should people be concerned about consumer privacy and data security if these gadgets are always on and ready to transmit information whether we realize it or not? Let’s take a look.

Rise of the IoT brings new security concerns

The functionality and capabilities of IoT devices bring about realities that haven’t been dealt with before. Many people know they can opt out of some data collection techniques used on websites. However, if they do that with most IoT devices, the decision typically impacts how the gadgets work and may render them useless.

There’s also the fact that the increase in connected devices causes a gigantic jump in the amount of data collected. Individuals understandably wonder which device manufacturers know details about them, where the data gets stored, and how those companies use the data.

As the number of IoT devices goes up, the number of infiltration points for potential hackers rises, too. There was a time when cybercriminals mostly targeted only the primary corporate data stores, but there have also been instances of hackers breaking into IoT devices themselves.

It’s essential for IoT companies to take all-encompassing data protection measures, including releasing security patches for known vulnerabilities.


Both consumers and companies must prepare

There are positive and negative factors associated with the Internet of Everything.

For example, companies can collect more data, which could make them prime targets for breaches. But, they can theoretically use that data to personalize user experiences, making them more relevant.

So what can companies do to both optimize their technology and protect user data? For one, they can be proactive about on-site cybersecurity strategies and data usage disclosures. By encrypting IoT device data while it’s at rest or in transit, businesses can take a substantial step toward improving user security. It’s also worthwhile for them to consult IoT security specialists to perform site audits or check for device vulnerabilities.

The European Union’s soon-to-be-enacted GDPR regulations do not provide clear-cut guidance for IoT devices in particular, but they emphasize obtaining user consent. Because it’s difficult to foresee all instances in which permission might be required, some recommendations suggest getting user consent during the setup process for an IoT device.

Consumers also need to research the steps they can take to protect their devices and their data as much as possible. For example, limiting the permissions of an IoT device or periodically deleting the data Google and Amazon store about you is a good start. Signing up for the email list associated with an IoT device brand could also keep you in the loop about any known security flaws, letting you proactively download a patch as soon as it becomes available.

Researching privacy settings put in place by a specific IoT device is another smart step to take. For example, Fitbit offers detailed information on its website about privacy, data sharing, and how to tweak the respective settings on your Fitbit profile.

Third-party monitoring is essential

The recent news of Cambridge Analytica and its improper handling of Facebook user data highlighted the erosion of digital privacy taking place today, especially among third-party platforms. Most people knew Facebook had details about them but didn’t think about the potential of that information getting into the hands of a different company.

In the case of the Cambridge Analytica breach, people did not even have to download the app that grabbed their information. It was enough for a user in a person’s network to interact with the offending app, thereby triggering it to get data from all associated friends.

Facebook admitted it did not properly enforce rules set for how third-party companies handled the site’s data, so monitoring was seemingly non-existent.

Google also came under fire for a similar problem related to data mismanaged by third-party companies. Then, the issues stemmed from Android apps that tracked kids’ information.

It’s also crucial to think about what a lack of third-party monitoring could mean for people who use their IoT devices for payments. It’s already possible to buy a pizza or book a taxi with an Amazon smart speaker, and PayPal launched functionality in 2016 that allows for making payments instantly from any IoT device.

A survey about payment convenience polling more than 2,500 people found nearly two-thirds of them would pay through IoT devices to make transactions faster and easier. But, by doing so, would they be trading privacy for convenience?

Researching device-specific privacy information is often difficult enough. When third-party payment processors come into the picture, it’s harder still for people to get concrete answers about what happens to their data.

Government regulation

In the aftermath of these incidents, questions have arisen about whether it’s time for governmental regulation to come into play.

However, a poll shows only 41 percent of Americans believe Facebook would follow regulatory rules if they were set. Based on that result, putting regulations in place wouldn’t do much to boost consumer confidence, but it may have other benefits.

Research shows IoT bottlenecks often occur when data gets analyzed, aggregated, and communicated. Regulation could minimize those slowdowns and associated problems. For example, if the government provides sufficient bandwidth and opens up more of the electromagnetic spectrum for speedy, wireless information transfers, communication slowdowns will become less prominent.

Experts point out that besides regulatory rules indicating what companies cannot do, they should set good examples of how to reduce risks to people who use IoT devices.

Lawmakers in the US have teamed up to put that ideal into action. They created a proposed framework that imposes minimum standards for IoT devices: For instance, they cannot have hard-coded passwords. If they contain known vulnerabilities, they must provide written explanations detailing why the gadgets are secure, despite those shortcomings.

Even if the proposed regulations do not become part of national law, the information within them steers IoT manufacturers in other countries in the right direction. They might not have previously considered some of the stipulations presented in the guidelines, but could potentially change their approaches to designing and securing IoT devices after reading them.

Awareness reduces consumer risk

Being aware of digital privacy begins when initially setting up IoT devices. Many consumers blindly click “I Agree” to any prompts they see, but they need to read agreements and understand what they mean before proceeding. It’s necessary for you to take that approach when updating apps, too.

Also, when downloading an app, you’ll probably see a dialogue box indicating which information the app pulls from your device. In some cases, you can limit the information received or shared.

Unfortunately, app permission descriptions are often too brief and unclear. If you feel uneasy that agreeing to vague permissions will likely reduce your digital privacy, consider not downloading the app.

Keeping your devices updated is a smart first step because it gives you the latest security patches. Going further and being proactive by limiting shared data reduces the information hackers can potentially get.

Although it’s necessary for companies to keep user data privacy in mind, consumers cannot assume there is no need for them to take further action.

When you use IoT-enabled devices, it’s crucial to realize that a feature that seems convenient at first may sacrifice privacy, and so warrants scrutiny.

Kayla Matthews is a tech journalist covering AI, the IoT, smart gadgets and cybersecurity. In addition to being a senior writer for MakeUseOf, Kayla is a regular contributor at Digital Trends, The Next Web, VentureBeat and TechnoBuffalo. Read more from Kayla at ProductivityBytes.com.

The post The Internet of Everything and digital privacy: what you need to know appeared first on Malwarebytes Labs.
