Saturday, 16 September 2017 03:58

Your Internet Provider Has Already Hacked Your Smart Home


Welcome, dear user, to the 21st century. Your house is a computer made of bricks and mortar. Your car can drive itself. Everything from the television set in your living room to the juicer in your kitchen, is connected to the internet. Welcome, indeed, to the age of information and data. Where your internet providers can snoop in on your sleeping habits, spy on your security cameras, tell from afar every time you heat water or turn on the microwave. I know it all sounds a little bit paranoid, perhaps even make-belief. But don’t be fooled into thinking that corporations as large as your network service provider don’t already have access to the ins and outs of your home. Especially now, that the new administration has decided to give them even greater autonomy on accessing your private data.

Noah Apthorpe, Dillon Reisman, Srikanth Sundaresan, Arvind Narayanan and Nick Feamster, graduating students at the Princeton University Research Centre, published a new paper two weeks ago. In it, they detailed the results of an experiment that spied on metadata from the many devices inside a smart home to derive information on its occupants. Once you have access to all the outgoing traffic within a network, it’s really not that difficult to identify the specific devices integrated into the network, be it a learning thermostat or a smart refrigerator. By observing patterns in incoming and outgoing traffic throughout the day, internet providers can, if they so choose, gather sensitive data on your daily routine. How well do you sleep? Do you like showering in hot water? Do you prefer reading books or watching television? This lucrative chunk of raw data, attractive and useful to companies which market various products for your day-to-day life, are available for access to your favorite internet service provider. Free for them to sell to myriad different corporations if they so choose. But is there a way out?

“When building your new smart home from the ground up, security is the one thing that never leaves your mind. Imagine setting up an expensive security system, smoke-sensitive fire alarms and surveillance cameras throughout the house only to get your privacy breached and your data stolen by your trusted internet service provider.” - Scott Colgan, President of EcoExperts

If you take your privacy seriously, chances are that you are already considering using a firewall or a virtual private network to secure your smart home network. Unfortunately for you, that doesn’t work. Most smart devices function in the cloud, meaning that using a firewall can severely limit their functionality at the cost of some privacy. Virtual private networks, on the other hand, don’t provide much security either, as internet providers can still monitor traffic rates and metadata from your smart home to gather insight about your lifestyle choices. There is, however, one way.

If you were to, say, route all of your smart home’s traffic through a centralized hub, such as a router with its own software configuration, you may just be able to throw internet providers off the scent on your traffic rates. Using a special technique called traffic shaping by independent link padding, you can prevent corporations from accessing your metadata while side-by-side preserving device functionality. By “padding or fragmenting all packets to a constant size, and buffering device traffic or sending cover traffic”, users can throw internet providers off the trail and access smart devices without the fear of being spied upon.

“The growing market for smart home IoT devices promises new conveniences for consumers while presenting new challenges for preserving privacy within the home. Many smart home devices have always-on sensors that capture users' offline activities in their living spaces and transmit information about these activities on the Internet. In this paper, we demonstrate that an ISP or other network observer can infer privacy sensitive in-home activities by analyzing Internet traffic from smart homes containing commercially-available IoT devices even when the devices use encryption. We evaluate several strategies for mitigating the privacy risks associated with smart home device traffic, including blocking, tunneling, and rate-shaping. Our experiments show that traffic shaping can effectively and practically mitigate many privacy risks associated with smart home IoT devices.” - Noah Apthorpe, Grad Student at Princeton University

You shouldn’t have to go to such great lengths to secure sensitive data from the hands of greedy corporations. Your privacy should not just be your responsibility. Comcast, Verizon, AT&T or Time Warner shouldn’t simply be allowed to sneak into your home and auction your private data to the highest bidder. We live in a time and age where the people’s right to privacy is increasingly taken for granted, but as you lay resting on the privacy of your own bedroom, doors closed and windows shut, thinking about the next day or the last one, I want you to imagine, really imagine, what it might be like once your right to privacy is completely gone.

Source: This article was published By Harold Stark

Live Classes Schedule

There are no up-coming events


World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.