IEEE Technology and Society Magazine - June 2018 - 74

quality monitor, and Netatmo weather station and use
them as part of a network of compromised devices to
launch massive cyber-attacks. Note, however, that in
general, health monitoring IoT devices do not tend to
have many security problems. Although the Awair air
quality monitor could stop functioning if it's forced to
deal with a large amount of Internet traffic, it encrypts
all data sent to the server.
In the third scenario, an opportunistic neighbor sees
the Singhs as a potential soft burglary target. He uses a
remote device to deliver malware that snoops on local
Wi-Fi traffic. The Singhs' IoT devices, especially their
power switch and lights, provide a good indication of
their presence in, or absence from, their home. More
importantly, the neighbor can alter the state of the
devices. The Phillips Hue light bulbs do not send
encrypted information, so he can turn them on or off
and change their color and brightness. The LIFX bulbs
have encrypted messages but they can be decrypted
with little effort. The TP-Link power switch also uses
encrypted data but has a very weak key; it can be broken easily. Under certain conditions, the Hello Barbie
doll enables outsiders to listen in on conversations
while the doll's talk button is pushed.
In the fourth scenario, a cyber-stalker uses a password-cracking tool to gain access to Eddie and Jenny's
Wi-Fi network. Like many others, they have not changed
the default username or password ("admin") on most of
their devices. Once in, the stalker can use simple
request functions to get information on what videos and
games they play through Google Chromecast - she
might even be able to post a threatening text or video
on their television screen. She knows their printer is
particularly vulnerable. Using the basic Internet Printing Protocol, she can see any documents they have
scanned recently or might even print a threatening or
obscene message on the device. Although most of
Eddie and Jenny's devices are relatively safe compared
with other IoTs tested, the HP Envy printer is an exception. It has poor security protection, with many open
ports that are not protected by a password, allowing an
attacker easy access. It also allows an attacker to print
documents or stop others from printing entirely.

Evaluate
We invited IoT suppliers, consumers, insurers, and regulators to evaluate our results at a workshop. In this section, we discuss their reactions and expectations.
A frequent theme among attendees was that consumer expectations must survive a transition to the digital age. Most consumers of smart-home IoT devices will
not scrutinize manufacturers' license agreements, and
they cannot be expected to as the agreements are frequently complex and unlikely to be enforced. They

assume that manufacturers or service providers will
supply any software updates necessary to continue running their applications. Similarly, consumers expect that
a smart-home device placed on their home network will
not create a backdoor to other devices in their home.
More generally, they expect that technical security is
someone else's responsibility.
We believe this expectation is reasonable in light of
consumers' experiences with non-IoT products. Car buyers, for instance, are only required to ensure that their
cars are locked, perhaps parked in a secure garage, and
regularly serviced in line with the manufacturer's specifications. They are not expected to also be automotive
engineers, mechanics or locksmiths. And yet, the question persists: how much education is required for a consumer to know that their IoT devices are "safe"? It's
possible to foresee the use of a security "star rating" for
IoT devices - similar to energy- or water-efficiency ratings on household appliances - that may allow consumers to make informed purchasing decisions. Such a
ratings scheme might enable market forces to decide
how important the security and safety of IoT devices are
to consumers [8].
Such a scheme is not without complexity of its own.
Security ratings, after all, cannot be static, since security threats evolve continuously. The implications of a low
security star rating may be unclear to consumers.
Further, the issue of data ownership and its sharing
remains murky [9]. Consumers may expect their service
providers will not on-sell data generated by their smarthome IoT devices, for example, despite some license
agreements allowing just that. Any ratings system, and
improvements to consumer decision making, need to
take this into account.
For manufacturers, a major gap exists between consumers' expectations that IoT devices will be kept upto-date with near-invisible software "patching" and the
current reality that many devices simply cannot be
updated. While smartphones can be patched with regular updates, the firmware in many IoT devices cannot be
patched due to small memory capacity, lack of a management system, the transient nature of network connectivity, or some other issue. In the cases where
devices can be updated, the technical demands re quired to make this happen are beyond the ability of
most consumers.
Furthermore, in a world of disarticulated production,
it is simply not clear who is most responsible for a security shortfall: is it the company that designs the device,
or the one that supplies component software? Or is it
the company that supplies the network in which the
device is embedded?
Further, manufacturers often focus on price competitiveness rather than security, especially because

IEEE Technology and Society Magazine

∕

JUNE 2018

Table of Contents for the Digital Edition of IEEE Technology and Society Magazine - June 2018