Building a model for risk assessment on smart devices
2019.
Gau, Caroline, Eray Kip,
Eren Sensoy & Edjinam Siliadin
Developed as part of the European Project Semester at OsloMet, this project focused on developing a risk assessment model for smart devices, aiming to tackle the increasing security risks of connected devices within a home. The project aimed to provide a public-facing tool, targeting expert users and also global consumers, to help educate them on the risks of IoT devices within a smart home.
Findings
The project resulted in a comprehensive risk assessment model that addresses connectivity, data transmission, authentication, data storage, and update procedures.
Testing the model across different types of smart devices, with different families, revealed variability in security practices among manufacturers. The analysis highlighted gaps in data availability, especially for devices from smaller companies, where information on features necessary for the assessment was often obscured.
The assessment identified three primary risk categories for users: privacy violations, cyber-criminality, and information shortage.
Recommendations
These findings underscore the need for consumers to be proactive about their smart device security, and for manufacturers to adopt more visible and accessible security information. The project recommends further development of the risk assessment model to make it more accessible to average consumers. The paper also suggests that additional expert input could help iterate the model, and acknowledges that flexibility in design is important.
The team recommends that the risk assessment be used in the form of an interactive website or application, which could store a consumer’s previous risk assessments and provide additional information on protecting oneself. Finally, the paper recommends the guide be openly published in its current form.