{"id":124754,"date":"2023-06-25T09:07:16","date_gmt":"2023-06-25T09:07:16","guid":{"rendered":"https:\/\/yogaesoteric.net\/?p=124754"},"modified":"2023-06-24T19:11:58","modified_gmt":"2023-06-24T19:11:58","slug":"iot-forensics-what-your-smart-home-knows-about-you","status":"publish","type":"post","link":"https:\/\/yogaesoteric.net\/en\/iot-forensics-what-your-smart-home-knows-about-you\/","title":{"rendered":"IoT Forensics: What Your Smart Home Knows About You"},"content":{"rendered":"<p>Do you know how many internet-connected devices there are inside your home? I certainly don\u2019t. These days, it could be almost anything: a thermostat, a TV, a lightbulb, an air conditioner, or a refrigerator. But what I do know, thanks to some of the conversations I\u2019ve had over the past few weeks, is just how much data they\u2019re producing, and how many people can access that data if they want to. Hint: it\u2019s a lot.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-124755\" src=\"https:\/\/yogaesoteric.net\/wp-content\/uploads\/2023\/06\/1-96-300x169.jpg\" alt=\"\" width=\"561\" height=\"316\" srcset=\"https:\/\/yogaesoteric.net\/wp-content\/uploads\/2023\/06\/1-96-300x169.jpg 300w, https:\/\/yogaesoteric.net\/wp-content\/uploads\/2023\/06\/1-96-768x432.jpg 768w, https:\/\/yogaesoteric.net\/wp-content\/uploads\/2023\/06\/1-96.jpg 777w\" sizes=\"auto, (max-width: 561px) 100vw, 561px\" \/><\/p>\n<p>I\u2019ve been speaking to people who work in a field called IoT forensics, which is essentially about snooping around these devices to find data and, ultimately, clues. Although law enforcement bodies and courts in the US don\u2019t often explicitly refer to data from IoT devices, those devices are becoming an increasingly important part of building cases. That\u2019s because, when they\u2019re present at a crime scene, they hold secrets that might be invisible to the naked eye. 
Secrets like when someone switched a light off, brewed a pot of coffee, or turned on a TV can be pivotal in an investigation.<\/p>\n<p>Mattia Epifani is one such person. He doesn\u2019t call himself a hacker, but he is someone the police turn to when they need help investigating whether data can be extracted from an item. He\u2019s a digital forensic analyst and instructor at the SANS Institute, and he\u2019s worked with lawyers, police, and private clients around the world.<\/p>\n<p>\u201c<em>I\u2019m like obsessed. Every time I see a device, I think:<\/em> \u2018<em>How could I extract data from there?<\/em><em>\u2019 I always do it on test devices or under authorization, of course<\/em>,\u201d says Epifani.<\/p>\n<p>Smartphones and computers are the most common sorts of devices police seize to assist an investigation, but Epifani says evidence of a crime can come from all sorts of places: \u201c<em>It can be a location. It can be a message. It can be a picture. It can be anything. Maybe it can also be the heart rate of a user or how many steps the user took. And all these are basically stored on electronic devices<\/em>.\u201d<\/p>\n<p>Take, for example, a Samsung refrigerator. Epifani used data from VTO Labs, a digital forensics lab in the US, to investigate just how much information a smart fridge keeps about its owners.<\/p>\n<p>VTO Labs reverse-engineered the data storage system of a Samsung fridge after it had primed the appliance with test data, extracted that data, and posted a copy of its databases publicly on their website for use by researchers. Steve Watson, the lab\u2019s CEO, explained that this involves finding all the places where the fridge could store data, both within the unit itself and outside it, in apps or cloud storage. Once they\u2019d done that, Epifani got to work analyzing and organizing the data and gaining access to the files.<\/p>\n<p>What he found was a treasure trove of personal details. 
Epifani found information about Bluetooth devices near the fridge, Samsung user account details like email addresses and home Wi-Fi networks, temperature and geolocation data, and hourly statistics on energy usage. The fridge stored data about when a user was playing music through an <em>iHeartRadio<\/em> app. Epifani could even access photos of the <em>Diet Coke<\/em> and <em>Snapple<\/em> on the fridge\u2019s shelves, due to the small camera that\u2019s embedded inside it. What\u2019s more, he found that the fridge could hold much more data if a user connected the fridge to other Samsung devices through a centralized personal or shared family account.<\/p>\n<p>None of this is necessarily secret or undisclosed to people when they buy this model of refrigerator, but I certainly wouldn\u2019t have expected that if I were under investigation, a police officer\u2014with a warrant, of course\u2014could see my hungry face each time I opened my fridge hunting for cheese. Samsung didn\u2019t reply to our request for comment, but it\u2019s following pretty standard practices within the world of IoT. Many of these sorts of devices access and store similar types of data.<\/p>\n<p>Devices don\u2019t even have to be particularly sophisticated to prove helpful in criminal investigations, according to Watson and Epifani.<\/p>\n<p>Both of them have worked on devices more discreet than smart fridges. Once, VTO Labs examined a circuit board from an ocean buoy in an effort to find out whether it contained any data about the shipping movements of drug traffickers. Watson says that the circuit board revealed a satellite communications provider and, ultimately, the account number associated with a smuggler.<\/p>\n<p>Just to compound the plentiful security and privacy risks, many IoT devices also run on out-of-date, and thus less secure, operating systems, because users rarely remember to update them. \u201c<em>Can you imagine people updating their fridge? 
No, they don\u2019t<\/em>,\u201d says Epifani.<\/p>\n<p>This problem is only going to grow as we stuff our homes with more and more things that connect to the internet. Recently, the <a href=\"https:\/\/technologyreview.us11.list-manage.com\/track\/click?u=47c1a9cec9749a8f8cbc83e78&amp;id=621bac22b0&amp;e=cf909ec14b\"><em>Atlantic<\/em> wrote a great piece<\/a> about the data that smart TVs collect on their couch-bound watchers. My colleague Eileen Guo <a href=\"https:\/\/technologyreview.us11.list-manage.com\/track\/click?u=47c1a9cec9749a8f8cbc83e78&amp;id=12f2db922b&amp;e=cf909ec14b\">showed how Roomba vacuums can take invasive pictures<\/a>, in an investigation about how data was collected on people who were testing the products.<\/p>\n<p>Watson is not especially worried about the government or the tech companies spying on you through your thermostat, <em>per se<\/em>. He\u2019s more worried about all the ways your data is being sold and accumulated by data brokers.<\/p>\n<p>\u201c<em>That\u2019s where the risks are that people don\u2019t understand: if my bed tracks my sleep and tracks my heart rate, and that company is selling off this information to an insurance company that realizes you have a near cardiac event every time you go to sleep, or that you have sleep apnea or whatever<\/em>,\u201d he says.<\/p>\n<p>\u201c<em>The more technology encroaches into our lives in every facet, we lose the ability to have any measure of control over where it\u2019s going, how much is collected, who\u2019s getting their hands on it, and what they are doing with it<\/em>.\u201d<\/p>\n<p><em>Author: Tate Ryan-Mosley, in <\/em>The Technology Review<em> (MIT)<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong>yogaesoteric<br \/>\nJune 25, 2023<\/strong><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Do you know how many internet-connected devices there are inside your home? I certainly don\u2019t. 
These days, it could be almost anything: a thermostat, a TV, a lightbulb, an air conditioner, or a refrigerator. But what I do know, thanks to some of the conversations I\u2019ve had over the past few weeks, is just how [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1620],"tags":[],"class_list":["post-124754","post","type-post","status-publish","format-standard","hentry","category-the-threat-of-artificial-intelligence"],"_links":{"self":[{"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/posts\/124754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/comments?post=124754"}],"version-history":[{"count":1,"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/posts\/124754\/revisions"}],"predecessor-version":[{"id":124758,"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/posts\/124754\/revisions\/124758"}],"wp:attachment":[{"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/media?parent=124754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/categories?post=124754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yogaesoteric.net\/en\/wp-json\/wp\/v2\/tags?post=124754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}