+

THE NEW ERA OF IOT SURVEILLANCE

The use of IoT at a personal level might not be too dangerous, but we must acknowledge that the threat of electronic surveillance, although rare, is very real and possible.

“Hey Siri”, “Hi Alexa”—these commands come naturally to even children as young as 5-6 years now. Most things in today’s time are done in a smart way on smart platforms. It is revolutionary, the 4.0 stage of the smart world, tasks being executed with just a command—welcome to Gen Z.

Their convenience has made the Internet of Things (IoT) systems, connected devices which include cars, health applications, home security, other electronics being able to function remotely with the help of smartphones, a prerequisite of the modern lifestyle. IoT data is time-series structured data, instead of the popular Key-Value storage, TDengine adopts structured data storage. It has become an integral part of our lives, especially in the urban setup, to manage and monitor daily activities. But with all this, are we aware of how we are being watched and what for?

Recently, Consumer Watchdog called on the Federal Trade Commission to investigate and take action against Amazon for deceptively recording consumers and their children with its Echo digital assistant. Consumer Watchdog requested the investigation for the second time in two years, following a formal complaint in December of 2017, based on its study that showed that Amazon and Google had submitted patents to spy on its customers when the devices were supposed to not be on. The study, “Home Invasion”, had found an Amazon patent on deriving sentiments and behaviours from ambient speech, even when a user has not addressed the device. It also found patents for listening for flushed toilets, inferring children’s misbehaviour, and marketing to kids at their bedsides. In response to the study, Amazon and Google claimed that their patent applications were only exploratory and that the digital assistants only recorded conversations after being intentionally triggered. However, recent news reports have revealed that Amazon misled the public because its smart devices record conversations even when unprompted by the wake word, “Alexa.”

The expanded utilisations of IoT devices with monitoring capabilities have no room for privacy. The major concern is the problem of attackers who utilise either hidden or compromised IoT devices to spy on users. The challenge of automatically identifying devices that are streaming privacy-intruding information about a user despite the presence of both encryption and a large number of wirelessly connected devices within range of the user is the encountering taken up by the anti-spy cyber companies. They offer some of the best tools and applications available to safeguard privacy. To name a few: Super Anti Spyware provides excellent protection against adware, trojans, rootkits and other spyware; Spyware Blaster is good at blocking ActiveX malware; and Spybot prevents spyware by keeping track of usage tracks.

While these tools may protect individuals at a personal level or help with in-house office management, a bigger threat lies in professional or industrial espionage. It is propagating very quickly now and now represents a major risk to the intellectual assets and property of many companies. There are counter espionage services to tackle this though. These services look into aspects like the encryption of communications, secure data storage, Technical Surveillance Counter Measures (TSCM) and sweeps, and internal and external security reviews. Organisations need threat-modelled and risk-informed platforms to specifically tackle advanced and persistent threats from espionage, and then apply a broad range of technical and consulting solutions, including surveillance and monitoring.

The anti-surveillance services which are readily available in the market can be employed for keeping checks on critical chambers (senior management cabins, conference/meeting rooms, board rooms, etc.) to detect the presence of electronic eavesdropping devices and prevent leakage of sensitive information. These chambers should be checked routinely for unauthorised audio or video listening devices and faulty telephone line/instrument and audio leakage. There are trained and experienced professionals using state-of-the-art detection equipment which can be deployed in the critical areas of organisations. The understanding of the existing radio transmission ecosystem in the vicinity of the premises is of prime importance too before beginning the actual assessment of operations. The professional assessment undertaken by security agencies adopts a ‘detection’ approach to identify and zoom in on any existing threats of audio or video surveillance devices, thereby ensuring a safe and sound working environment, away from getting compromised.

However, the fact that we carry our own smartphones and computers everywhere is also a double-edged sword. It is a boon which can turn into a curse at any time with hackers barging in at their convenience. Their techniques include wireless tapping technology, which is highly developed. It can extend to very low frequency, extremely high frequency and digital areas. In fact, its operation methods are so sophisticated that in some cases they are designed in a way which lets detectors find the bug and believe that detection is over. However, the real bug is hidden somewhere deeply, which is next to impossible to find without professional help. Therefore, the screening and addition of sophisticated anti-spyware apart from anti-malware is crucial.

To conclude, we are living in a technological age where information can be considered a lethal weapon, if it is compromised. The use of IoT at a personal level might not be too dangerous, but we must acknowledge that the threat of electronic surveillance, although rare, is very real and possible. My take on things is that the usage of IoT can, and will, continue, but people must be more conscious about it. If anyone is truly determined to hear us, they will and we would probably never know about it. However, we can stay safe if we wish to with a few steps which can help us determine whether our homes, offices and vehicles are under surveillance by unknown intruders. Nevertheless, the smart ways of IoT should definitely be used to the best of its functionality but vigilant measures for safeguarding privacy will ensure the productivity and progress of IoT platforms as well as the peace of mind of users.

Captain Priti Sidharth Singh is a commercial pilot flying Boeing 737-700/800/900, logged seven thousand hours on JET serving as Senior Commander (Line Training Captain) at Air India Express, and is also active in Social and Development National Organisations. She is currently pursuing a PhD from IIT.

Tags: