The UnboxingIoTPrivacy research project focuses on systematically analysing the privacy characteristics of IoT devices to educate consumers.
Duesseldorf, January 23rd, 2024 – Smart devices that are constantly connected to the internet are becoming the norm in the home. These include voice assistants, automated and intelligent lighting and heating controls, and even robotic vacuum cleaners. However, few consumers are aware of how these devices process their personal data. A recent research project, funded by the German Federal Ministry of Education and Research and coordinated by the Bonn-Rhein-Sieg University of Applied Sciences, is bringing together experts from academia and industry to achieve greater transparency in the use of smart devices. In addition to the University of Göttingen and the Independent Center for Data Protection Schleswig-Holstein, the German company ONEKEY – a specialist in firmware analysis of IoT devices – is providing insight into how modern household helpers and everyday objects deal with privacy. “While consumers focus on the practical use of such devices, we specifically analyse what the internal software of a robot vacuum cleaner or smart TV, for example, means for the user’s privacy. After all, it is not uncommon for private data to be vacuumed as well as dust, and a smart TV often knows more about the user than the occupants of the apartment next door,” says Jan Wendenburg, CEO of ONEKEY. The German company ONEKEY has been researching cybersecurity vulnerabilities in smart products and industrial control systems used in Industry 4.0 for years, working closely with manufacturers and industrial users.
What do smart devices know about the user?
The UnboxingIoTPrivacy project aims to help consumers understand what happens to their private data, voice recordings, and home information before they buy these devices. For example, do smart TVs or voice assistants listen to private conversations, does the robot vacuum cleaner monitor the home, or can smart devices be used by criminals? Professor Luigi Lo Iacono of the Bonn-Rhein-Sieg University of Applied Sciences knows that consumers have often been unable to find answers to these questions: “New devices are constantly coming onto the market, especially in the smart home sector. There are so many of them, and at such a fast pace, that no single institution is able to test all their functions,” says the scientist. In the joint project “UnboxingIoTPrivacy”, the researchers, together with the ONEKEY team, want to systematically analyse the privacy-relevant features, present them in an understandable and comprehensible way, and make them available to potential buyers.
Setting up an online platform
Knowledge of the risks associated with the use of IoT products must be made transparent in order to guarantee people’s right to informational self-determination: “In Germany, everyone can decide for themselves how their personal data is disclosed and used. However, this is only possible if the relevant information is available and understandable. Research can and must play an important role here,” says project manager Lo Iacono. A dedicated online platform will be set up to allow tech-savvy people to actively participate in the project. A special privacy label will also be developed to give lay people a quick overview of the privacy features of smart devices. “This initiative is an important contribution to the empowered and informed use of modern and smart technologies by citizens. We are pleased to be able to contribute to this with our analysis platform and the wealth of experience from several thousand analysed firmwares,” says Jan Wendenburg, CEO of ONEKEY.
About UnboxingIoTPrivacy:
“UnboxingIoTPrivacy is a joint research project of the University of Applied Sciences Bonn-Rhein-Sieg, the University of Göttingen, the Independent Centre for Data Protection Schleswig-Holstein and ONEKEY GmbH. It is funded by the German Federal Ministry of Education and Research with approximately 1.45 million euros. The project profile can be found at https://www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/unboxingiotprivacy.
