An Examination of Real-World Data Leakage from IoT Devices

Alan Ibbett

Research output: ThesisDoctoral Thesis

559 Downloads (Pure)


In 2021, the Australian Centre to Counter Child Exploitation received more than 33000 reports of online child sexual exploitation (ACCCE, 2021). At that time, over 80% of Australian children aged 14–17 years owned a smartphone (OAIC, 2020). High rates of smartphone ownership are associated with high rates of leakage of sensitive information. A child’s time and location patterns are enough to enable someone to build an accurate profile of the child; however, children feel that their devices keep their information secure.

One area of Computing Science that has developed rapidly is the interconnection and networking of computing devices, in particular the networking of small, independent, devices and objects. This strand of computing is known as the Internet of Things or IoT. The IoT describes a class of small, often mobile devices that are interconnected by various networking technologies that provide direct machine-to-machine communications. The IoT can include mobile phones, tablets, fitness trackers, laptop computers and other similar personal computing devices. These devices can often interact with other IoT devices such as surveillance cameras, “smart toys” and other devices.

The research presented in this thesis examines a particularly vulnerable group of users, secondary school students. The research used a survey to discover what students know about how their devices work, whether students change the default settings on their devices, and what sort of data leakage scenarios they may be concerned about. At the same time as the survey was being conducted, a distributed sensor network (DSN) was created and installed around the school to monitor the data being leaked from IoT devices to see if students’ concerns could be found in the real world.

The next stage in the research was to present the results of both the survey and monitoring to the students. Participants then received training on how to change common default settings to reduce data leakage. Finally, the student survey was repeated and the monitoring continued to look for a change in the amount of data leaked.

The survey revealed that students were not fully aware of how the technology in their devices worked and that often the default settings were kept without change. The survey also revealedthat the students were very concerned about their location being tracked by a stranger without their knowledge. The data monitoring using the DSN revealed that often it was easy to identify not only the brand of device, but the owner of that device, and it was possible to build up a complete map of the owners’ movements over time.

When presented with the results of the survey, monitoring and some techniques for changing these defaults, users did make changes to their device settings so that less information was leaked.

By collecting real data from students and their devices it was possible to create a presentation directed to those users that was able to resonate with their level of knowledge and their concerns. The outcome of the presentation was to bring about a real change in the way students’ devices were configured to improve student privacy and reduce data leakage. The methodology developed in this research can be used to create individualised, evidence-based lessons for other school cohorts.
Original languageEnglish
QualificationDoctor of Information Technology
Awarding Institution
  • Charles Sturt University
  • Al-Saggaf, Yeslam, Principal Supervisor
Place of PublicationAustralia
Publication statusPublished - 2022


Dive into the research topics of 'An Examination of Real-World Data Leakage from IoT Devices'. Together they form a unique fingerprint.

Cite this