IoT Security: Old Problems + New Situations = New Problems

A few days ago, news broke concerning the unintended exposure of US Military around the world, due to a fitness tracker which allows it’s users to share their exercises and exercise locations. Perhaps even more disconcerting is that in this case, the fitness tracker or wearable (which is paired with the user’s smartphone) seems to have default settings that enable such sharing.

Privacy problems introduced by location aware technology is not new. Research into mobile applications have revealed privacy concerns for years, as this TechRebublic report shows; it’s just one of many such reports. In mobile apps, privacy concerns have led to fundamental changes in how major mobile operating systems such as Android and iOS, enable users to share data and restrict apps from accessing private data.

Astute security researchers often say, and rightly so, that many of the IoT security and privacy concerns that the media screeches in the their IoT Doomsday scenarios, are born out of rudimentary security flaws that are hyped. That is true.

Yet, there is a difference between a simplistic, bad admin password on the home router on one or even many people, and a bad admin password or access control implementation for smart stop lights in a city or even a smart grid. There is a difference between select mobile apps, installed by select people, sharing personal data that they shouldn’t, and fitness trackers used anywhere in world sharing personal data by default or after a routine update. Those are just a few examples.

IoT  is changing how we interact with our environment, and it will continue to do so. New technologies and old technologies (previously unconnected to the Internet) will be connected in varied environments for different purposes, creating new experiences for the daily breather, and thus introducing new security concerns – even when they are old – that we must address anew.


If you enjoyed this post, you can subscribe to receive my weekly newsletter via email.

Leave a reply:

Your email address will not be published.

Time limit exceeded. Please complete the captcha once again.