A new study released by Noah Apthorpe*, Dillon Reisman, Srikanth Sundaresan, Arvind Narayanan, and Nick Feamster, researchers at Princeton University reveals that many smart home devices when left on all the time can provide IPS with the usage information that may seem invasive to most.
The study demonstrates that an ISP or another network observer can access activities by analyzing “Internet traffic from smart homes containing commercially-available IoT devices even when the devices use encryption.” And that we have very little control how this information may be used and resold to since the reversal of the Broadband Privacy Rule by both Congress and the House. In other words, our data is up for grab for the highest bidder.
Home devices such as those beneath can increase your risks:
1. Sense Sleep Monitor 2. Nest Cam Indoor security camera. 3. Amcrest WiFi Security IP Camera .
4. Belkin WeMo switch. 5. TP-Link WiFi Smart Plug ]. 6. Orvibo Smart WiFi Socket .
7. Amazon Echo
On the other hands, there is some good news. You can do something about it!
Since encryption isn’t enough, what else can you do? The researchers discovered that there are several successful strategies for mitigating the privacy risks associated with smart home device traffic. including blocking, tunneling, and rate-shaping. The experiment shows that traffic shaping can effectively and practically mitigate many privacy risks associated with smart home IoT devices.
Preventive measures include blocking, tunneling, and rate-shaping.
We find that 40KB/s extra bandwidth usage is enough to protect user activities from a passive network adversary. This bandwidth cost is well within the Internet speed limits and data caps for many smart homes.
To read and download the whole study, click here.
Subscribe to our newsletter! We love hearing back from you and read your comments and suggestions.
*Corresponding Author: Noah Apthorpe: Princeton University, E-mail: firstname.lastname@example.org Dillon Reisman: Princeton University, E-mail: email@example.com Srikanth Sundaresan: Princeton University, E-mail: firstname.lastname@example.org Arvind Narayanan: Princeton University, E-mail: email@example.com Nick Feamster: Princeton University, E-mail: firstname.lastname@example.org