The UnboxingIoTPrivacy research project focuses on systematically analysing the privacy characteristics of IoT devices to educate consumers.
Duesseldorf, January 23rd, 2024 – Smart devices that are constantly connected to the internet are becoming the norm in the home. These include voice assistants, automated and intelligent lighting and heating controls, and even robotic vacuum cleaners. However, few consumers are aware of how these devices process their personal data. A recent research project, funded by the German Federal Ministry of Education and Research and coordinated by the Bonn-Rhein-Sieg University of Applied Sciences, is bringing together experts from academia and industry to achieve greater transparency in the use of smart devices. In addition to the University of Göttingen and the Independent Center for Data Protection Schleswig-Holstein, the German company ONEKEY – a specialist in firmware analysis of IoT devices – is providing insight into how modern household helpers and everyday objects deal with privacy. “While consumers focus on the practical use of such devices, we specifically analyse what the internal software of a robot vacuum cleaner or smart TV, for example, means for the user’s privacy. After all, it is not uncommon for private data to be vacuumed as well as dust, and a smart TV often knows more about the user than the occupants of the apartment next door,” says Jan Wendenburg, CEO of ONEKEY. The German company ONEKEY has been researching cybersecurity vulnerabilities in smart products and industrial control systems used in Industry 4.0 for years, working closely with manufacturers and industrial users.
What do smart devices know about the user?
The UnboxingIoTPrivacy project aims to help consumers understand what happens to their private data, voice recordings, and home information before they buy these devices. For example, do smart TVs or voice assistants listen to private conversations, does the robot vacuum cleaner monitor the home, or can smart devices be used by criminals? Professor Luigi Lo Iacono of the Bonn-Rhein-Sieg University of Applied Sciences knows that consumers have often been unable to find answers to these questions: “New devices are constantly coming onto the market, especially in the smart home sector. There are so many of them, and at such a fast pace, that no single institution is able to test all their functions,” says the scientist. In the joint project “UnboxingIoTPrivacy”, the researchers, together with the ONEKEY team, want to systematically analyse the privacy-relevant features, present them in an understandable and comprehensible way, and make them available to potential buyers.
Setting up an online platform
Knowledge of the risks associated with the use of IoT products must be made transparent in order to guarantee people’s right to informational self-determination: “In Germany, everyone can decide for themselves how their personal data is disclosed and used. However, this is only possible if the relevant information is available and understandable. Research can and must play an important role here,” says project manager Lo Iacono. A dedicated online platform will be set up to allow tech-savvy people to actively participate in the project. A special privacy label will also be developed to give lay people a quick overview of the privacy features of smart devices. “This initiative is an important contribution to the empowered and informed use of modern and smart technologies by citizens. We are pleased to be able to contribute to this with our analysis platform and the wealth of experience from several thousand analysed firmwares,” says Jan Wendenburg, CEO of ONEKEY.
“UnboxingIoTPrivacy is a joint research project of the University of Applied Sciences Bonn-Rhein-Sieg, the University of Göttingen, the Independent Centre for Data Protection Schleswig-Holstein and ONEKEY GmbH. It is funded by the German Federal Ministry of Education and Research with approximately 1.45 million euros. The project profile can be found at https://www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/unboxingiotprivacy.
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.
euromarcom public relations GmbH
+49 611 973 150