Smart home devices supply much more personal information than you might imagine – even when the data is encrypted – it appears.
In a study [PDF] of seven popular products, the team from Princeton University in the US decided to dig into how much they could figure out about a person's daily habits just by analyzing the internet traffic their gizmos produce.
It turns out to be quite a lot and, the team noted this month, the recent decision by the FCC, America's comms watchdog, to scrap broadband privacy rules days before they were due to come into effect means that your ISP is able to gather that information with its existing data collection.
Their paper – Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic – reveals that even when data from devices is encrypted, the metadata can help identify both the device and what it is signaling.
Some devices such as the Nest indoor camera directly communicate with identifiable domain names – in this case 'dropcam.com.' That immediately identifies what the product is, and it is then possible to infer from that and the resulting signal what is happening: whether it has detected motion or whether it is live streaming.
Likewise the Sense sleep monitor, TP‑Link smart plug, and Amazon Echo. Even when the devices communicate with a generic DNS server – like Amazon's AWS service – they typically have a specific IP address that can be used to identify the sensor (the Belkin WeMo switch for example communicated with the very-specific prod1-fs-xbcs-net-1101221371.us-east-1.elb.amazonaws.com address).
By digging into each device's signal, the team was able to figure out with some certainty exactly what was happening: someone was waking up, someone was turning on a light switch, someone had walked into the kitchen, and so on.
Given the fact that the same patterns are repeated, it would be very easy for an ISP to build a model that instantly analyzed and stored such patterns. And if an ISP can do it, anyone who can grab your internet traffic would be able to do the same.
"Smart home network traffic is susceptible to eavesdropping by other parties," they warn. "Such parties include ISPs, Wi‑Fi eavesdroppers, or state-level surveillance entities."
And while the team did not use an internet-connected sex toy in its test, it did note that the exact same analysis would reveal use of such items.
Which begs the question: how can you stop the CIA – or Comcast – keeping tabs on your dildo use?
The team dug into various methods, including:
- Cutting the devices off from the outside internet
- Using a VPN to shield traffic
- Adding noise to the system to disguise usage
Only the last method proved satisfactory, with the researchers noting with some surprise that several devices simply stopped working altogether if they didn't have an internet connection. Others lost enough functionality that they were basically equivalent to non-smart home (and much cheaper) products.
The VPN method was pretty good at disguising traffic, since it effectively strips the DNS interactions out from grabbable traffic. But the team was still able to discern a lot of information based on the time, type and amount of traffic.
"A smart door lock and smart sleep monitor are less likely to be recording user activity simultaneously," it notes. "Traffic observations from particular times of day are likely to contain non-background traffic from only one of these devices."
What did work, however, was adding noise to the system through independent link padding (ILP). The team wrote some code (under 100 lines, they say) that ran on the router and padded or fragmented all data packets to a constant size, and then buffered traffic or sent cover traffic to hide actual device data.