Story image

Princeton study wants to know if you have a smart home - or a spy home

16 Apr 2019

The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.

A new study aims to analyse the risks of smart devices, from the humble smartphone right up to TVs, smart bulbs, plugs, sensors, smart speakers, Alexa, Google Home, Amazon Echo, security cameras, and any other internet-connected device used in the home.

Researchers want to explore risks in terms of their security and privacy, as well as bandwidth risk that could slow down the home’s internet connection.

The researchers are offering a tool called the IoT inspector, which is available to anyone who wants to participate in the research.

“Our goal is to measure and visualise these risks, both for research and for the user. To this end, we release IoT Inspector — an open-source software that you can download to inspect your home network and identify any privacy, security, and performance problems associated with your IoT devices,” the researchers state.

The IoT Inspector collects and transmits information about devices connected to the home network. The information includes:  Who the IoT device contacts through the internet and whether the contact is malicious or a known user tracker; how much data is exchanged; and how often data is exchanged.

That information is used to provide transparency into IoT devices, including whether those devices are sharing information with third parties; whether the devices have been hacked or used in DDoS attacks; and whether the devices are slowing down a home network.

The IoT Inspector doesn’t collect information about devices’ network activities, the contents of the communication, or personally identifiable information like network IP addresses, or names and emails.

Those who are keen to use IoT Inspector but want to exclude particular devices from monitoring must either power the devices down while setting up IoT Inspector, or specify the device’s exact MAC address. 

There may be a few side effects of running IoT Inspector on your device. Those effects include a drop in network performance (it may slow your network down); bugs and errors; and data breaches in the event that the university’s secure server is compromised. 

“An attacker will have access to this form and the collected data. However, the attacker will be unable to infer what IoT devices you own (because the attacker would not know the real-world identities behind each device), and what you do with your devices,” the researchers state.

IoT Inspector can only run on macOS at this stage – Windows and Linux users have to go on a Waitlist.  IoT Inspector can’t run on tablets or smartphones. If you’re interested, find out more by going to https://iot-inspector.princeton.edu/

Chillisoft rounds out portfolio with file integrity vendor
Tripwire is the fourth vendor for Chillisoft in six months, adding critical security controls, vulnerability management and file integrity monitoring.
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Optic Security Group celebrates Axis accolade
Auckland-based business security systems provider Fortlock has picked up an award at Axis Communications’ annual Oceania Axis Partner Summit 2019.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.