Human-as-a-Sensor: where the IoT and physical safety meet
The security of the Internet of Things (IoT) is a constant topic of discussion, with the focus typically on the devices it connects. However, the IoT also intersects with the worlds of law enforcement and public safety, and that connection has been growing in recent years.
Though not yet well known, the Human-as-a-Sensor (HaaS) paradigm is one worth focusing on. Unlike much of what we talk about with the IoT, HaaS doesn’t rely on automated sensors at all — instead, it’s based on people reporting incidents they witness through mobile apps. Law enforcement is then able to aggregate this data in order to build a better sense of the emergencies at hand, and which ones to respond to first.
As you might expect, this technology is not without its cybersecurity threats. A team of researchers from the University of Greenwich set out to determine the exact ways in which cybercriminals can manipulate HaaS, and how law enforcement can ensure that it gets credible real-time information. Three of the key threats are as follows:
- Location spoofing: “Would-be attackers are able to send false reports that would appear to originate from any specific physical location of their choice.” This can throw responders off the trail of the crime.
- DDoS attacks: “Network-based denial of service attacks against mobile devices can result in crime report messages being queued or dropped completely when network connectivity is lost or saturated.”
- GPS spoofing: “Here, the location is spoofed not programatically, but by generating fake GPS signals using a software-defined radio (SDR) transmitter.”
As for how to combat these threats, the researchers had a few ideas. Doing so isn’t simple, determining whether a device is under attack or not doesn’t give law enforcement a sense of whether any of the data is useful. “A more practical approach would be to utilise the class probability of a report (i.e., the likeliness of the device being under attack / an attacker or not) to evaluate a mobile device’s cyber trustworthiness.”
The trick, according to the researchers, is to score reports based on features of the mobile device that can be monitored in real time. For example, CPU and RAM usage can be a clue – random upticks when the phone isn’t being used are red flags. Location accuracy is another since location services can be compared to Wi-Fi and Bluetooth information.