Download This PaperUser Privacy in Smart Systems: Recent Findings and Countermeasures
5 Pages Posted: 3 Apr 2020
Date Written: April 1, 2020
Abstract
Internet of Things (IoT) is a technology that has been readily accepted by users due to the promise of a more exciting and smarter way to carry out their daily lives. Invasive domains like entertainment, lifestyle, and healthcare see the presence of aesthetically and efficient smart devices. But with such a presence, critical user information is being shared over the network and is easily available for misuse. The possibility of profiling a user's behaviour and traceability of service data to a user demographic is viewed as a privacy loss. Such loss of privacy not only infringes on basic rights but is also a breach of user's trust placed in the smart devices. In this paper, we have discussed privacy vulnerabilities typical to the layers of an IoT application and those identified by widely accepted standards like OWASP and BITAG. We have also analyzed the common software security weaknesses which could result in unauthorized access to system privileges or information. Our study discovered that information disclosure makes up the majority of such weaknesses, followed by privileges, permissions and access control weaknesses and credential management. Individual users make up the majority of targets due to their lack of awareness. In agreement with this finding, recent years have seen large scale attacks that were carried out through compromised devices installed in smart homes and small scale premises. Through identification of privacy risks and potential victim characteristics, it could become easier to lay down countermeasures and remedial actions.
Suggested Citation: Suggested Citation