Story image

Princeton study wants to know if you have a smart home - or a spy home

16 Apr 2019

The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.

A new study aims to analyse the risks of smart devices, from the humble smartphone right up to TVs, smart bulbs, plugs, sensors, smart speakers, Alexa, Google Home, Amazon Echo, security cameras, and any other internet-connected device used in the home.

Researchers want to explore risks in terms of their security and privacy, as well as bandwidth risk that could slow down the home’s internet connection.

The researchers are offering a tool called the IoT inspector, which is available to anyone who wants to participate in the research.

“Our goal is to measure and visualise these risks, both for research and for the user. To this end, we release IoT Inspector — an open-source software that you can download to inspect your home network and identify any privacy, security, and performance problems associated with your IoT devices,” the researchers state.

The IoT Inspector collects and transmits information about devices connected to the home network. The information includes:  Who the IoT device contacts through the internet and whether the contact is malicious or a known user tracker; how much data is exchanged; and how often data is exchanged.

That information is used to provide transparency into IoT devices, including whether those devices are sharing information with third parties; whether the devices have been hacked or used in DDoS attacks; and whether the devices are slowing down a home network.

The IoT Inspector doesn’t collect information about devices’ network activities, the contents of the communication, or personally identifiable information like network IP addresses, or names and emails.

Those who are keen to use IoT Inspector but want to exclude particular devices from monitoring must either power the devices down while setting up IoT Inspector, or specify the device’s exact MAC address. 

There may be a few side effects of running IoT Inspector on your device. Those effects include a drop in network performance (it may slow your network down); bugs and errors; and data breaches in the event that the university’s secure server is compromised. 

“An attacker will have access to this form and the collected data. However, the attacker will be unable to infer what IoT devices you own (because the attacker would not know the real-world identities behind each device), and what you do with your devices,” the researchers state.

IoT Inspector can only run on macOS at this stage – Windows and Linux users have to go on a Waitlist.  IoT Inspector can’t run on tablets or smartphones. If you’re interested, find out more by going to https://iot-inspector.princeton.edu/

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
65% of manufacturers run outdated operating systems – Trend Micro
The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.
WikiLeaks' Julian Assange arrested in London
There’s little doubt that it’s a day of reckoning for WikiLeaks cofounder Julian Assange today, after his seven-year long protection inside London’s Ecquador Embassy came to an abrupt end.