Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices

Janes, Blake; Crawford, Heather; OConnor, TJ

doi:10.1109/spw50608.2020.00033

Cited by 17 publications

(22 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More recently, scholars such as Leitão (2019), Slupska (2019), andJanes et al (2020) have added to this burgeoning, IoT-specific literature and helped to uncover why in-home privacy security threats deriving from smart systems require closer attention. For instance, in many cases the usability of smart devices is limited due to the restricted user interface that is available, and proposed security and privacy recommendations often conflict with each other when examined across the three different abuse phases (i.e., physical control, escape, life apart) (Alshehri et al, 2020;Matthews et al, 2017;.…”

Section: Introductionmentioning

confidence: 99%

“…For instance, in many cases the usability of smart devices is limited due to the restricted user interface that is available, and proposed security and privacy recommendations often conflict with each other when examined across the three different abuse phases (i.e., physical control, escape, life apart) (Alshehri et al, 2020;Matthews et al, 2017;. Besides, devices often suffer from flaws that enable unauthorised access, with such a deficiency of transparency endangering particularly vulnerable groups and communities (Janes et al, 2020). In addition, researchers exposed a lack of awareness on IoT-facilitated tech abuse across support services such as voluntary sector organisations like refuges and charities, and statutory service bodies such as law enforcement (Mayhew and Jahankhani, 2020;Tanczer et al, 2018b), which limits the support affected victims/survivors can expect.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

‘I feel like we’re really behind the game’: perspectives of the United Kingdom’s intimate partner violence support sector on the rise of technology-facilitated abuse

Tanczer

López-Neira

Parkin

2021

Journal of Gender-Based Violence

View full text Add to dashboard Cite

Technology-facilitated abuse or ‘tech abuse’ in intimate partner violence (IPV) contexts describes the breadth of harms that can be enacted using digital systems and online tools. While the misappropriation of technologies in the context of IPV has been subject to prior research, a dedicated study on the United Kingdom’s IPV support sector has so far been missing. The present analysis summarises insights derived from semi-structured interviews with 34 UK voluntary and statutory sector representatives that were conducted over the course of two years (2018–2020). The analysis identifies four overarching themes that point out support services’ practices, concerns and challenges in relation to tech abuse, and specifically the Internet of Things (IoT). These themes include (a) technology-facilitated abuse, where interviewees outline their experiences and understanding of the concept of tech abuse; (b) IoT-enabled tech abuse, focusing on the changing dynamics of tech abuse due to the continuing rise of smart consumer products; (c) data, documentation and assessment, that directs our attention to the shortcomings of existing risk assessment and recording practices; and (d) training, support and assistance, in which participants point to the need for specialist support capabilities to be developed within and beyond existing services. Key messages <ul><li>UK statutory and voluntary support services do not feel well equipped to respond to tech abuse.</li> <li>Shortcomings in documentation and assessment practices make it difficult to estimate the full scale and nature of tech abuse.</li> <li>Tech abuse training and other support mechanisms are needed to amplify the UK sector’s ability to assist IPV victims/survivors.</li></ul>

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

‘I feel like we’re really behind the game’: perspectives of the United Kingdom’s intimate partner violence support sector on the rise of technology-facilitated abuse

Tanczer

López-Neira

Parkin

2021

Journal of Gender-Based Violence

View full text Add to dashboard Cite

show abstract

“…The increasing drive to expand the connectivity of devices and provide centralised hubs such as smart speakers creates nodes that are "information goldmines" for perpetrators. In addition, research has shown that IoT manufacturers do not provide transparency and the necessary prompts to flag up to IoT device users the breadth of connections and access controls they have agreed to (Janes et al, 2020;Parkin et al, 2019). People may not remember with whom they have shared credentials, and they may have no easy way of checking this which can provide avenues for abusers to continue to spy on their family or ex-partner covertly and over an extended period of time.…”

Section: Centralisationmentioning

confidence: 99%

“…Previous studies have indicated a range of interventions that device manufacturers can implement to improve the usability of IoT devices in ways that will benefit victims and survivors. These include suggestions mentioned above, plus more accessible and navigable user interfaces, improvements to the usability of privacy and security controls, enforced authentication requirements, and the ability to review historical queries and actions (Janes et al, 2020;Parkin et al, 2019;Leitão, 2019).…”

Section: Usabilitymentioning

confidence: 99%

“…However, our understanding and awareness of tech abuse facilitated through IoT is still in its infancy. Internationally, only a handful of scholars and a selected number of support organisations have begun to explicitly address this topic (Slupska, 2019;Janes, Crawford, & OConnor, 2020;Mayhew & Jahankhani, 2020;Parkin et al, 2019;Leitão, 2019;Rodríguez-Rodríguez et al, 2020;Slupska & Tanczer, forthcoming).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Datta Burton, S; Tanczer, LM; Vasudevan, S; Hailes, S; Carr, M; (2021) The UK Code of Practice for Consumer IoT Cybersecurity: where we are and what next

View full text Add to dashboard Cite

show abstract

IoT malware detection using static and dynamic analysis techniques: A systematic literature review

Kumar,

Ahlawat,

Sahni

2024

Security and Privacy

View full text Add to dashboard Cite

The Internet of Things (IoT) is reshaping the world with its potential to support new and evolving applications in areas, such as healthcare, automation, remote monitoring, and so on. This rapid popularity and growth of IoT‐based applications coincides with a significant surge in threats and malware attacks on IoT devices. Furthermore, the widespread usage of Linux‐based systems in IoT devices makes malware detection a challenging task. Researchers and practitioners have proposed a variety of techniques to address these threats in the IoT ecosystem. Both researchers and practitioners have proposed a range of techniques to counter these threats within the IoT ecosystem. However, despite the multitude of proposed techniques, there remains a notable absence of a comprehensive and systematic review assessing the efficacy of static and dynamic analysis methods in detecting IoT malware. This research work is a systematic literature review (SLR) that aims to offer a concise summary of the latest advancements in the field of IoT malware detection, specifically focusing on the utilization of static and dynamic analytic techniques. The SLR focuses on examining the present status of research, methodology, and trends in the area of IoT malware detection. It accomplishes this by synthesizing the findings from a wide range of scholarly works that have been published in well‐regarded academic journals and conferences. Additionally, the SLR highlights the significance of the empirical process that includes the role of selecting datasets, accurate feature selection and the utilization of machine learning algorithms in enhancing the detection accuracy. The study also evaluates the capability of different analysis techniques to detect malware and compares the performance of various models for IoT malware detection. Furthermore, the review concluded by addressing several open issues and challenges that the research community as a whole must address.

show abstract

Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices

Cited by 17 publications

References 10 publications

‘I feel like we’re really behind the game’: perspectives of the United Kingdom’s intimate partner violence support sector on the rise of technology-facilitated abuse

‘I feel like we’re really behind the game’: perspectives of the United Kingdom’s intimate partner violence support sector on the rise of technology-facilitated abuse

Datta Burton, S; Tanczer, LM; Vasudevan, S; Hailes, S; Carr, M; (2021) The UK Code of Practice for Consumer IoT Cybersecurity: where we are and what next

IoT malware detection using static and dynamic analysis techniques: A systematic literature review

Contact Info

Product

Resources

About