Several British Universities have been awarded funding to research the security issues in IoT and smart home devices and to determine ways to alert consumers of the risks. The Petras National Centre of Excellence awarded £3.6 M for 18 new research projects to research institutes across the UK to tackle cybersecurity at the edge of the internet under PrivIoT project.
Announced in mid July, the new PrivIoT project explores digital harms in the interaction between home IoT devices, smart meters, and Demand-Side Mangement (DSM) technologies, and develop conceptual tools to improve users’ situational awareness and agency.
In an interview with The Daily Swig, Nicholson, together with Dr David Buil-Gil, a lecturer in Quantitative Criminology at the Department of Criminology of the University of Manchester, said the 18-month project will focus on understanding what the potential harms of IoT in the home.
There are three ‘strands’ to the project – the initial area of study will be understanding potential risks associated with what could be considered “future” technologies that, while in existence, have not yet been fully developed, implemented, or rolled out nationwide.
Led by Buil-Gil and Manchester University, this aspect will include analysis of studies already conducted on IoT and the potential creation of classification standards, as well as an examination of which technologies could act as a counterbalance for risks to privacy or security.
Buil-Gil said risk factors vary but may include blackmail, the theft of private data, such as audio recordings or images harvested from a smart home by compromising an intelligent device, ransomware, and other forms of cyber-attacks.
Energy devices are also of interest to the researchers and whether or not the “trade-off” between saving money and being more energy efficient while potentially sacrificing security is worth it.
The UK government is targeting a complete rollout of smart meters in homes by the end of 2024, and rollouts of Demand-Side Management (DSM) technologies will follow to ensure efficient power usage. These technologies offer important functionalities for the National Grid and economic savings for citizens but do this by tracking the activities we carry out in the privacy of our homes.
When further integrated with consumer Internet of Things (IoT) devices in the home, the interactions between these IoT devices, smart meters, and DSM could result in a multitude of digitally-enabled harms. These harms will be considered from the perspective of privacy, security, and personal safety. When it comes to web security, the team may also examine issues surrounding IoT botnets and distributed denial-of-service (DDoS) attacks as use cases.
“The most secure state you can be in is to not use a device connected to the internet, but at some point, you’ve got to make that call as to whether the practical benefits outweigh any potential risk – and what we’re trying to do here is try things in a different way,” Nicholson says.
This is where Northumbria comes in: once an understanding of the risks has been established, the team will work on ways to “communicate these risks to citizens”.
“How can we get citizens involved in these discussions?” Nicholson said. “We know that now, as it has been in the past, people do not generally or openly discuss security or privacy issues.”
“When it comes to adopting technologies, including IoT, essentially [by the] time they understand the risks of these technologies… they’ve already started using them.”
In past years, security failings and risks in IoT products have become apparent after they have been made available. Now, the team hopes to get ahead of the curve and ensure consumers are more risk-aware, with risk factors addressed proactively, rather than reactively.
The first phase of the research is underway, which will include study analysis and data collection. Researchers will be hired to help with the data collection stage, and companies including Toshiba, OTASKI Energy Solutions, and CybSafe will also be participating in the project.