SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Princeton study wants to know if you have a smart home - or a spy home
Tue, 16th Apr 2019
FYI, this story is more than a year old

The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.

A new study aims to analyse the risks of smart devices, from the humble smartphone right up to TVs, smart bulbs, plugs, sensors, smart speakers, Alexa, Google Home, Amazon Echo, security cameras, and any other internet-connected device used in the home.

Researchers want to explore risks in terms of their security and privacy, as well as bandwidth risk that could slow down the home's internet connection.

The researchers are offering a tool called the IoT inspector, which is available to anyone who wants to participate in the research.

“Our goal is to measure and visualise these risks, both for research and for the user. To this end, we release IoT Inspector — an open source software that you can download to inspect your home network and identify any privacy, security, and performance problems associated with your IoT devices,” the researchers state.

The IoT Inspector collects and transmits information about devices connected to the home network. The information includes:  Who the IoT device contacts through the internet and whether the contact is malicious or a known user tracker; how much data is exchanged; and how often data is exchanged.

That information is used to provide transparency into IoT devices, including whether those devices are sharing information with third parties; whether the devices have been hacked or used in DDoS attacks; and whether the devices are slowing down a home network.

The IoT Inspector doesn't collect information about devices' network activities, the contents of the communication, or personally identifiable information like network IP addresses, or names and emails.

Those who are keen to use IoT Inspector but want to exclude particular devices from monitoring must either power the devices down while setting up IoT Inspector, or specify the device's exact MAC address.

There may be a few side effects of running IoT Inspector on your device. Those effects include a drop in network performance (it may slow your network down); bugs and errors; and data breaches in the event that the university's secure server is compromised.

“An attacker will have access to this form and the collected data. However, the attacker will be unable to infer what IoT devices you own (because the attacker would not know the real-world identities behind each device), and what you do with your devices,” the researchers state.

IoT Inspector can only run on macOS at this stage – Windows and Linux users have to go on a Waitlist.  IoT Inspector can't run on tablets or smartphones. If you're interested, find out more by going to https://iot-inspector.princeton.edu/