Abstract
The emerging connected, low-cost, and easy-to-use air quality monitoring systems have enabled a paradigm shift in the field of air pollution monitoring. These systems are increasingly being used by local government and non-profit organizations to inform the public, and to support decision making related to air quality. However, data integrity and system security are rarely considered during the design and deployment of such monitoring systems, and such ignorance leaves tremendous room for undesired and damaging cyber intrusions. The collected measurement data, if polluted, could misinform the public and mislead policy makers. In this paper, we demonstrate such issues by using a.com, a popular low-cost air quality monitoring system that provides an affordable and continuous air quality monitoring capability to broad communities. To protect the air quality monitoring network under this investigation, we denote the company of interest as a.com. Through a series of probing, we are able to identify multiple security vulnerabilities in the system, including unencrypted message communication, incompetent authentication mechanisms, and lack of data integrity verification. By exploiting these vulnerabilities, we have the ability of “impersonating” any victim sensor in the a.com system and polluting its data using fabricated data. To the best of our knowledge, this is the first security analysis of low-cost and connected air quality monitoring systems. Our results highlight the urgent need in improving the security and data integrity design in these systems.
Highlights
As one of the largest environmental health risk factors, exposure to air pollution, indoor air pollution, is associated with millions of premature deaths every year worldwide [1,2,3,4,5].air pollution is considered as the second leading cause of deaths due to non-communicable disease, only exceeded by tobacco smoking [6].For proper management of air quality, the availability of measurement data on the spatial and temporal distributions of pollution concentrations is critical
Concentrations of criteria pollutants are collected by regulatory agencies at a network of stationary monitoring stations using federal reference methods (FRM) or federal equivalent methods (FEM)
We find that data integrity and system security are rarely considered during the design and deployment of low-cost and connected air quality monitoring systems, and such ignorance leaves tremendous room for unwelcome and damaging cyber intrusions
Summary
Air pollution is considered as the second leading cause of deaths due to non-communicable disease, only exceeded by tobacco smoking [6]. For proper management of air quality, the availability of measurement data on the spatial and temporal distributions of pollution concentrations is critical. Instruments with FRM or FEM designations have been extensively evaluated using strict testing protocols [7], and are able to produce reliable concentration measurements. These instruments are generally bulky, Sensors 2018, 18, 4451; doi:10.3390/s18124451 www.mdpi.com/journal/sensors
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
