Another Look at Privacy-Preserving Automated Contact Tracing

In the current COVID-19 pandemic, manual contact tracing has been proven to be very helpful to reach close contacts of infected users and slow down spread of the virus. To improve its scalability, a number of automated contact tracing (ACT) solutions have been proposed, and some of them have been deployed. Despite the dedicated efforts, security and privacy issues of these solutions are still open and under intensive debate. In this article, we examine the ACT concept from a broader perspective, by focusing on not only security and privacy issues but also functional issues such as interface, usability, and coverage. We first elaborate on these issues and particularly point out the inevitable privacy leakages in existing Bluetooth Low Energy based ACT solutions, including centralized and decentralized ones. In addition, we examine the existing venue-based ACT solutions and identify their privacy and security concerns. Then, we propose a generic venue-based ACT solution and a concrete instantiation based on Bluetooth Low Energy technology. Our solution monitors users’ contacting history only in virus-spreading-prone venues and offers higher-level protection for both security and privacy than its predecessors. Finally, we evaluate our solution from security, privacy, and efficiency perspectives, and also highlight how to reduce false positives in some specific indoor environments.

A Review on Security and Privacy Issues in IoT Devices

In our everyday lives, the IoT is everywhere. They are used for the monitoring and documentation of environmental improvements, fire safety and even other useful roles in our homes, hospitals and the outdoors. IoT-enabled devices that are linked to the internet transmit and receive a large amount of essential data over the network. This provides an opportunity for attackers to infiltrate IoT networks and obtain sensitive data. However, the risk of a loss of privacy and security could outweigh any of these benefits. Many tests have been carried out in order to solve these concerns and find a safer way to minimize or remove the effect of IoT technologies on privacy and security practices in order to protect them. The issue with IoT devices is that they have small output modules, making it impossible to adapt current protection methods to them. This constraint necessitates the presentation of lightweight algorithms that enable IoT devices. In this article, investigated the context and identify different safety, protection, and approaches for securing components of IoT-based ecosystems and systems, as well as evolving security solutions. In addition, several proposed algorithms and authentication methods in IoT were discussed in order to avoid various types of attacks while keeping the limitations of the IoT framework in mind. Also discuss some hardware security in IoT devices.

Let the Cat Out of the Bag: Popular Android IoT Apps under Security Scrutiny

The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly magnify the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyse each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem.

Data privacy during pandemics: a systematic literature review of COVID-19 smartphone applications

Background On January 8, 2020, the Centers for Disease Control and Prevention officially announced a new virus in Wuhan, China. The first novel coronavirus (COVID-19) case was discovered on December 1, 2019, implying that the disease was spreading quietly and quickly in the community before reaching the rest of the world. To deal with the virus’ wide spread, countries have deployed contact tracing mobile applications to control viral transmission. Such applications collect users’ information and inform them if they were in contact with an individual diagnosed with COVID-19. However, these applications might have affected human rights by breaching users’ privacy. Methodology This systematic literature review followed a comprehensive methodology to highlight current research discussing such privacy issues. First, it used a search strategy to obtain 808 relevant papers published in 2020 from well-established digital libraries. Second, inclusion/exclusion criteria and the snowballing technique were applied to produce more comprehensive results. Finally, by the application of a quality assessment procedure, 40 studies were chosen. Results This review highlights privacy issues, discusses centralized and decentralized models and the different technologies affecting users’ privacy, and identifies solutions to improve data privacy from three perspectives: public, law, and health considerations. Conclusions Governments need to address the privacy issues related to contact tracing apps. This can be done through enforcing special policies to guarantee users privacy. Additionally, it is important to be transparent and let users know what data is being collected and how it is being used.

Virtual Environments as Enablers of Civic Awareness and Engagement

The wide availability of accurate sensors currently hosted by smartphones are enabling new participative urban management opportunities. Mobile crowdsensing (MCS) allows people to actively participate in any aspect of urban planning, by collecting and sharing data, reporting issues to public administrations, proposing solutions to urban planners, and delivering information of potential social interest to their community. Although collected data can be very helpful to enhance the quality of life of citizens, mobile users are still reluctant to use their devices to take advantages of the opportunities offered by the digitized society, mainly due to privacy issues. From August to December 2018, the city of Florianópolis, capital of Santa Catarina, in southern Brazil, was used as a living lab environment for an MCS application called ParticipACT Brazil, a socio/technical-aware crowdsensing platform. While the current literature focuses on MCS from a purely technical point of view, this research demonstrated that a multidisciplinary approach that includes both human sciences and ICT is needed in order to better identify critical issues, highlights the untapped potential of MCS paradigm, and suggests research methodologies that could provide benefits for all the actors involved (researchers, public administrators, and citizens).