|
>
> |
| META TOPICPARENT | name="FirstPaper" |
|---|
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.
Internet-Connected Entry Systems: A Massive Forfeiture of Privacy
-- By IsabellaLiu - 24 Mar 2025
Introduction
Internet-connected entry systems, often referred to as “smart locks,” are devices that allow users to access their homes remotely via the internet through an application on their smartphones or other connected devices. The use of these smart locks has been on the rise, particularly in cities seeking to modernize their residential and commercial complexes. They allow homeowners and business owners to grant temporary access without the need for physical keys and also allow the controller of these systems to monitor entry logs, allegedly enhancing overall security protocols. They also purport to provide peace of mind to homeowners as they can lock and unlock their doors from miles away with the simple click of a button on their mobile devices. However, this increased convenience has also raised a host of concerns, particularly surrounding personal privacy and security.
IoT? : Historically Vulnerable to Cyberattacks
The proliferation of the Internet of Things (IoT? ) devices such as smart locks has introduced significant cybersecurity challenges. Historically, many IoT? devices have been vulnerable to cyberattacks due to various inadequate security measures including by not limited to weak default passwords, insufficient encryption protocols, and more. Attackers exploit these weaknesses to gain unauthorized access which leads to breaches of personal data and unauthorized control over devices.
One prevalent issue with IoT? devices is the use of “click-wrap” agreements in which users must accept the terms and conditions in order to use a device or service. Often, these agreements are lengthy and complex, leading users to accept them without fully understanding the implications. This practice can result in users unknowingly consenting to data collection and sharing practices that compromise their privacy. Furthermore, the UNESCO Inclusive Policy Lab highlights that such practices can lead to unauthorized data collection and sharing, thus exacerbating privacy risks.
Smart homes, equipped with a variety of IoT? devices, including but not limited to smart locks, thus present unique privacy concerns. Research from an international team of researchers reveals alarming privacy and security threats in these homes, emphasizing the fact that many devices collect more data than consumers realize. These researchers found that “threats include the exposure of unique device names, UUIDs, and even household geolocation data, all of which can be harvested by companies involved in surveillance capitalism without user awareness.” Additionally, vulnerabilities in smart home devices can also be exploited to monitor the residents’ behaviors, access personal data, or even grant the hacker control over these home systems. Significant attacks targeting IoT? devices have highlighted the need to improve these security standards. On a large-scale, the Mirai botnet attack exploited default credentials in IoT? devices to launch widespread distributed denial-of-service (DDoS? ) attacks, disrupting major internet platforms.
In response to these challenges, the White House has launched the U.S. Cyber Trust Mark, a labeling initiative aimed at providing consumers with clear information about the cybersecurity standards of connected devices. Products eligible for this label include home security cameras, voice-activated shopping devices, smart appliances, fitness trackers, garage door openers, and baby monitors. This initiative seeks to promote transparency and encourage manufacturers to adhere to higher security standards, thereby enhancing consumer trust in IoT? devices. While this aims to enhance consumer trust by promoting transparency in IoT? cybersecurity standards, it raises significant privacy and legal concerns. The initiative lacks a clear enforcement mechanism, relying on voluntary compliance without stringent regulatory oversight. Moreover, the label does not address broader data privacy risks, such as how manufacturers handle consumer data, whether they share it with third parties, or how long it is retained. Without a legal framework ensuring compliance with robust privacy protections, the initiative risks creating a false sense of security, potentially misleading consumers into trusting devices that remain vulnerable to data exploitation.
A Burglar’s Dream Come True
The integration of internet-connected entry systems into residential settings introduces both security and privacy challenges. Residents are often required to download specific applications on their smartphones in order to access their homes, inadvertently opening themselves up to a breach of personal privacy. Users may be unaware of the extent of permissions granted to these apps, potentially allowing the application access to their personal information, phone history, and other sensitive data. This scenario mimics the “click wrap” agreements prevalent in software usage, where users accept terms without fully understanding the implications.
A significant security concern is the widespread use of default passwords in IoT? devices. Many users and even administrators neglect to change these default credentials, leaving systems vulnerable to unauthorized access. With respect to Hirsch-made Mesh systems, the same online portal that monitors the access to a given building is also the one that provides information regarding the default login and instruction manual. While the user manual suggests that users ought to change the default password and credentials, there is no instructions provided on how to follow this security step. Thus, a simple Google search will provide not only sophisticated malicious agents but also the average person with the means to break into these “high-tech” security systems. Security researcher Eric Daigle demonstrated how default credentials in internet-connected entry systems could be exploited to gain unauthorized access to multiple apartment buildings within minutes. His findings highlight the ease with which attackers can exploit these vulnerabilities, emphasizing the urgent need for improved security practices.
Conclusion
While the adoption of internet-connected entry systems offers modern conveniences and aligns with contemporary technological trends, it often comes at the expense of privacy and security. The reliance on applications for access, coupled with the prevalence of default passwords, exposes users to significant risks. To mitigate these threats, it is imperative to prioritize security measures, such as changing default credentials, regularly updating device firmware, and being vigilant about the permissions granted to applications. Balancing technological advancement with robust security practices is essential to protect users in the evolving landscape of smart home technologies.
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list. |
|