Security and Privacy Issues with Internet of Things (IoT)

Expect Lots of Privacy Issues with Internet of Things

Security and Privacy Issues with Internet of Things

There are a lot of Security and Privacy Issues with Internet of Things devices, including increased risk of cyber and ransomware attacks.
Photo by Andres Urena

Cars, TVs, dog collars, condoms, toasters, refrigerators, rectal thermometers, water bottles and hair brushes are some of the everyday items being connected to the internet, collecting and sending your private data as part of the Internet of Things (IoT). 20 billion connected devices. The market will expand from $170 billion last year to over half a trillion dollars by 2022. Some experts predict that more than half of major new business processes and systems will incorporate some element of the (IoT) by 2020. 20 billion connected devices will be collecting and sharing your data. The market will expand from $170 billion last year to over half a trillion dollars by 2022.

Internet of Things (IoT).

Broadly speaking, IoT is defined as a global based network which connects many devices together for sharing information over the internet. As technology continues to grow and these devices become more popular, the issues which these devices create is becoming more important and, in some cases, regulated.  As a law firm we remain committed to informing and educating our clients on the importance of these new regulations.  Of special note, California recently became the first state with an Internet of Things cybersecurity law legislation which will regulates IoT devices starting in January 2020.

IoT is considered a worldwide network of individually connected devices which communicate with each other, passing data across the internet.  This data is collected about individual users and in some cases may contain very personal and private information about the user. Because this data can also be used for malicious purposes it presents security and Privacy Issues with Internet of Things (IoT) devices.   The number of IoT devices is quite large.  IoT devices are typically dispersed across the globe, allowing for instant communication between connected devices.  Domestic appliances, automobiles, TVs and other devices are collecting and transmitting their data across the internet in order to complete a variety of tasks. Users are typically unaware of how much data is actually collected and how the data is used or shared with others.  As a result of the collecting, passing and sharing of data among these networked devices and data recipients there is a concern among security and privacy experts about how this data is collected, shared and used.

In addition, the IoT devices and their networks are increasingly becoming a prime target for cybercriminals which has resulted in the breach of data security and privacy.  According to a new threat report from security firm Symantec, the number of IoT attacks increased from about 6,000 in 2016 to 50,000 in 2017—a 600% rise in just one year. The majority of IoT attacks in 2017—21%—originated from China, the report found, followed by the US (11%), Brazil (7%), and Russia (6%).

In 2016, a malware known as Mirai was used to attack the execution of several DDoS (Distributed Denial of Service) attacks and in 2017 Ransomware remained a major threat, with the WannaCry and Petya/Not Petya attacks taking down systems worldwide. While the number of ransomware variants increased 46% last year, the average ransom dollar demand dropped.

Therefore, many countries are enacting additional privacy and security regulations in order to prevent the harmful consequences that may arise due to the privacy and security obstacles IoT presents. New regulations, including the EU’s GDPR (General Data Protection Regulations) and the guidelines recently released by US’s Federal Trade Commission enhance the obligations and liability for failure to take adequate protective measures into consideration.

California, has also recently proposed legislation regarding IoT devices with the Senate Bill No. 327. The bill requires that by January 1, 2020, manufacturers of the connected devices must furnish the connected devices with “reasonable security features” which should be in accordance with “the nature and the function of the said device” and the “information it may collect, contain, or transmit.”

These regulations may encourage new developments related to enhanced protection for IoT devices and networks which address some of these privacy and security measures.