2. Introduction
• Internet of things
• IoT architecture
• Privacy and Security
Tank, B., Upadhyay, H. & Patel, H. 2016, 'A Survey on IoT Privacy Issues and Mitigation Techniques', paper presented to the Proceedings of the Second International Conference on
Information and Communication Technology for Competitive Strategies, Udaipur, India.
Lucero, S. 2016, IoT platforms: enabling the Internet of Things, IHS, ihs.com.
7. Personal message recording leak – Teddy bear
• Ethical Issues:
• Internet connected Teddy bear leak 2 million recordings of parents and their
children
• 800, 000 records of personal information were exposed (emails, password)
Chester, R. 2017, 'Millions of recorded messages between parents and children targeted in teddy bear toy hack'.
8. Personal message recording leak – Teddy bear
• Ethical Issues:
• Database design flaw
• Irresponsible vendor
• Records were sold
Chester, R. 2017, 'Millions of recorded messages between parents and children targeted in teddy bear toy hack'.
9. A Case study - FitBit
https://support.endomondo.com/hc/en-us/articles/202228488-Fitbit
10. A Case study - FitBit
• Ethical Issues:
• Shared their customers’ fitness
information with their business
partners
• Advertisement emails, phone calls,
and ad notices on the phone were
interrupting the customers
11. Considerations dealing with Ethical issues
• Government regulations of IoT
• When making decisions, follow the ethics code
• Always think about the customers’ benefit
• Improve IoT security
• Customer awareness
13. Examples of IoTs used in businesses
1.3 million robots in factories that are at risk of being hacked by 2018 (CNet)
https://www.cnet.com/au/news/factory-robots-industry-machines-can-be-easily-hacked/
14. Incidents
• In 2014 a German Steel Mill was hacked, some of the furnaces
blasted. Hackers obtained access by infecting emails with malicious
scripts sent to the employees’ inbox.
• A uranium enrichment facility in Iran was infected by a virus called
StuxNet leading a failure to some of the equipment in the facility.
http://www.bbc.com/news/technology-30575104
http://www.abc.net.au/triplej/programs/hack/the-worlds-first-digital-weapon-stuxnet/7926298
16. Legal issues is?
• Intellectual property
• Cybercrime
• Liability of providers
• Data protection and privacy
• Telecom
17. Case Study: Trane
• Connected thermostat vulnerabilities detected by Cisco’s Talos group
allowed foothold into network
• It tooks 12 months to find fixes for 2 vulnerabilities
• 21 months to publish fix for 1 vulnerability
• The device owners may not aware of fixes or have the skill to install
updates
http://blog.talosintel.com/2016/02/trane-iot.html
18. Solution
• Policies, procedures and standards
• Awareness training
• Risk management and weakness management
• Forensics
• Additional types of logging, log storage
• Increased demand for IP addresses both IPv4 and IPv6 and Increased network complexity
• Strengthen partnerships with researchers, vendors, and procurement department
http://krebsonsecurity.com/2016/02/iot-reality-smart-devices-dumb-defaults/
http://www.gsma.com/connectedliving/gsma-iot-security-guidelines-complete-document-set/