The Bulletin


Government to extend critical health services

Millions of Australians will continue to receive medical care and support in their own homes with the Morrison Government investing more than $2 billion to extend a range of COVID-19 health measures for a further six months, to 31 March 2021. ...

In war-torn Syria, the coronavirus pandemic has brought its people to the brink of starvation

Syrian President Bashar al-Assad may have successfully warded off a nine-year rebellion[1] against his government, but he is being tested with economic turmoil and civilian protests amid the coronavirus pandemic and looming conflict in the easter...

New Zealand's election becomes a 'third referendum' on Jacinda Ardern's leadership

GettyImagesThe delay to the New Zealand election date — to which not every country’s citizenry would have adjusted with such alacrity — was only the latest event in a year when the unexpected and the extraordinar...

Temporary migrants describe anguish of exclusion and racism during COVID-19

In early April, Prime Minister Scott Morrison sent a clear message[1] to temporary visa holders that if they were no longer financially solvent to ride out the pandemic, they were not welcome in Australia. As much as it’s...

Government targets emerging technologies with $1.9 billion, saying renewables can stand on own feet

The government has unveiled a $1.9 billion package of investments in new and emerging technologies, and reinforced its message that it is time to move on from assisting now commercially-viable renewables. The package will be ...

Why heads rolled at Rio Tinto

Outraged investors have forced the board of Rio Tinto to sack its chief executive Jean-Sebastien Jacques along with two of the senior executives partially responsible for the destruction of the Juukan Gorge caves in the Pilbara re...

Winding back JobKeeper and JobSeeker will push 740,000 Australians into poverty

lakshmiprasada S/ShutterstockAustralian National University calculations suggest JobKeeper and the boosted JobSeeker payment have saved about 2.2 million people from poverty. It’s a remarkable outcome without precedent in Au...

batch testing and contact tracing are the two keys to stop the lockdown yo-yo

Back in March and April I (and many other economists) argued for lockdowns to get COVID-19 infections under control and to give health systems time to put in place testing and tracing regimes to contain the virus in the longer ter...

  • Written by Kayleen Manwaring, Senior Lecturer, School of Taxation & Business Law, UNSW

From internet-connected televisions, toys, fridges, ovens, security cameras, door locks, fitness trackers and lights, the so-called “Internet of Things” (IoT) promises to revolutionise our homes.

But it also threatens to increase our vulnerability to malicious acts. Security flaws in IoT devices are common[1]. Hackers can exploit those vulnerabilities to take control[2] of devices, steal or change data[3], and spy on us[4].

In recognition of these risks, the Australian government has introduced a new code of practice[5] to encourage manufacturers to make IoT devices more secure. The code provides guidance on secure passwords, the need for security patches, the protection and deletion of consumers’ personal data and the reporting of vulnerabilities, among other things.

The problem is the code is voluntary. Experiences elsewhere, such as the United Kingdom, suggest a voluntary code will be insufficient to deliver the protections consumers need.

Indeed it might even increase risks, by lulling consumers into a false sense of security about the safety of the devices they buy.

Read more: Explainer: the Internet of Things[6]

Many IoT devices are insecure

IoT devices designed for consumers are generally less secure than conventional computers.

In 2017 the Australian Communications Consumer Action Network commissioned researchers from the University of New South Wales to test the security of 20 household appliances[7] capable of being connected and controlled via wi-fi.

These included a smart TV, portable speaker, voice assistant, printer, sleep monitor, digital photo frame, bathroom scales, light bulb, power switch, smoke alarm and Hello Barbie talking doll.

Are your devices spying on you? Australia's very small step to make the Internet of Things safer Devices tested by UNSW researchers for the Australian Communications Consumer Action Network. Inside Job: Security and privacy threats for smart-home IoT devices, 2017, CC BY-NC[8][9]

While some devices (including the Barbie) were found to be relatively secure in terms of confidentiality, all had some form of security flaw. Many “allowed potentially serious safety and security breaches”.

What this could potentially mean is that someone could, for example, hack into a household’s wi-fi network and collect data from IoT devices. It might be as simple as knowing when lights are switched on to determine when a home can be burgled. Someone with more malicious intent could turn on your oven[10] while shutting down smoke alarms and other sensors.

Risks to consumers, and society

Factors leading to poor security in IoT devices[11] include manufacturers’ desires to minimise componentry and keep costs down. Many makers of consumer goods also have little experience with cyber-security issues.

Allied with the fact many consumers aren’t technologically savvy[12] enough to appreciate the risks and protect themselves, this creates the prospect of IoT devices being exploited.

Read more: The privacy paradox: we claim we care about our data, so why don't our actions match?[13]

On a personal level, you could be spied on and harassed[14]. Personal pictures or information could be exposed to the world[15], or used to extort you.

On a societal level, IoT devices can be hijacked[16] and used collectively to shut down services and networks. Even compromising one device may enable connected infrastructure to be hacked. This is a rising concern as more people connect to workplace networks[17] from home.

Woman using a smarthome app on her phone. Many consumers don’t fully appreciate the security risks from IoT devices. Shutterstock

Voluntary codes of practice

In recognition of these threats, IoT security “good practice” guidelines have been proposed by standards bodies such as the US National Institute of Standards and Technology[18], the European Telecommunications Standards Institute[19] and the Internet Engineering Task Force[20]. But these guidelines are based on voluntary action by manufacturers.

The UK government has already concluded[21] the voluntary code of conduct it established in 2018[22] isn’t working.

Britain’s Minister for Digital Infrastructure, Matt Warman, said in July:

Despite widespread adoption of the guidelines in the Code of Practice for Consumer Internet of Things Security[23], both in the UK and overseas, change has not been swift enough, with poor security still commonplace.

The UK is now moving[24] to impose a mandatory code, with laws requiring manufacturers to deliver reasonable security features in any device that can connect to the internet.

A case for co-regulation

There is little reason to believe Australia’s voluntary code of practice will prove any more effective than in the UK.

A better option would have been a “co-regulatory[25]” approach. Co-regulation mixes aspects of industry self-regulation with both government regulation and strong community input[26]. It includes laws that create incentives for compliance (and disincentives against non-compliance) and regulatory oversight by an independent (and well-resourced) watchdog.

The Australia government has, at least, described its new code of practice as “a first step” to improving the security of IoT devices.

Let’s hope so. If the UK experience is anything to go by, its next steps will include dumping a voluntary code for something with a greater chance of delivering the safety and security consumers – and society – need.

References

  1. ^ are common (papers.ssrn.com)
  2. ^ control (www.theguardian.com)
  3. ^ steal or change data (www.forbes.com)
  4. ^ spy on us (www.forbes.com)
  5. ^ code of practice (www.homeaffairs.gov.au)
  6. ^ Explainer: the Internet of Things (theconversation.com)
  7. ^ household appliances (accan.org.au)
  8. ^ Inside Job: Security and privacy threats for smart-home IoT devices, 2017 (accan.org.au)
  9. ^ CC BY-NC (creativecommons.org)
  10. ^ turn on your oven (phys.org)
  11. ^ poor security in IoT devices (www5.austlii.edu.au)
  12. ^ aren’t technologically savvy (accan.org.au)
  13. ^ The privacy paradox: we claim we care about our data, so why don't our actions match? (theconversation.com)
  14. ^ spied on and harassed (www.vice.com)
  15. ^ exposed to the world (www.ftc.gov)
  16. ^ hijacked (elie.net)
  17. ^ workplace networks (www.iotworldtoday.com)
  18. ^ US National Institute of Standards and Technology (www.nist.gov)
  19. ^ European Telecommunications Standards Institute (www.etsi.org)
  20. ^ Internet Engineering Task Force (datatracker.ietf.org)
  21. ^ concluded (www.gov.uk)
  22. ^ established in 2018 (assets.publishing.service.gov.uk)
  23. ^ Code of Practice for Consumer Internet of Things Security (www.gov.uk)
  24. ^ moving (www.gov.uk)
  25. ^ co-regulatory (rogerclarke.com)
  26. ^ community input (rogerclarke.com)

Authors: Kayleen Manwaring, Senior Lecturer, School of Taxation & Business Law, UNSW

Read more https://theconversation.com/are-your-devices-spying-on-you-australias-very-small-step-to-make-the-internet-of-things-safer-145554

The Bulletin News

here are three ways to fix it

SevenMaps/ShutterstockFor two decades now, meaningful tax reform has proved elusive. At the federal level, there hasn’t been any comprehensive reform since the Howard government’s New...

Prime Minister - National Energy Address at Tomago

GAS-FIRED RECOVERY   Gas will help re‑establish a strong economy as part of the Government’s JobMaker plan, making energy affordable for families and businesses and supporting jobs as pa...

an employer who cares about the environment, society and you

ShutterstockWe spend, on average, about 90,000 hours at work. Given this, most of us want work that’s more than just a source of income. We want work that’s satisfying, significant, v...

why bullion is still a safe haven in times of crisis

Shutterstock“Gold” said famed investor Warren Buffett in 1998, “gets dug out of the ground in Africa or someplace, then we melt it down, dig another hole, bury it again and pay ...

Are your devices spying on you? Australia's very small step to make the Internet of Things safer

ShutterstockFrom internet-connected televisions, toys, fridges, ovens, security cameras, door locks, fitness trackers and lights, the so-called “Internet of Things” (IoT) promises to ...

The sackings at Rio look like a victory for shareholders, but...

In the coming days thousands of (digital) column inches are going to be devoted to the idea that institutional shareholders acted decisively to force the resignation of Rio Tinto chief executive ...

Why heads rolled at Rio Tinto

Outraged investors have forced the board of Rio Tinto to sack its chief executive Jean-Sebastien Jacques along with two of the senior executives partially responsible for the destruction of the J...

Winding back JobKeeper and JobSeeker will push 740,000 Australians into poverty

lakshmiprasada S/ShutterstockAustralian National University calculations suggest JobKeeper and the boosted JobSeeker payment have saved about 2.2 million people from poverty. It’s a remarka...

batch testing and contact tracing are the two keys to stop the lockdown yo-yo

Back in March and April I (and many other economists) argued for lockdowns to get COVID-19 infections under control and to give health systems time to put in place testing and tracing regimes to ...

Traveling to Oz? Here's How to Feel, Taste and Hear the Genuine Aussie Vibe

Australia is all about that local experience, even though there are many tourist hotspots about and plenty of name brand hotels for you to choose from. If you’re a traveller looking to se...

Relax, losing access to China won't make us the 'poor white trash of Asia'

In another round of the increasingly bitter exchanges between China and Australia, a columnist for China’s Global Times, Yu Lei, suggested that a further decoupling from China will make for...

With their conservative promises, Labour and National lock in existing unfairness in New Zealand's tax system

Finance Minister and Labour finance spokesperson Grant Robertson: higher tax revenue will be spent on economic recovery.GettyImagesAbility to pay is the basic principle of tax fairness: people in...

In war-torn Syria, the coronavirus pandemic has brought its people to the brink of starvation

Syrian President Bashar al-Assad may have successfully warded off a nine-year rebellion[1] against his government, but he...

Government extends COVID health initiatives at $2 billion cost

The government is extending the COVID health measures for a further six months, until the end of March, in its latest ack...

Morrison signs up to the gas gospel, but the choir is not in tune

If Labor were threatening to build a power station, the Liberals would likely be screaming “socialists”.As for a ...

Writers Wanted



News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion