They say we all live on the Net in the 21st century: even if you are not literally online at the moment, some of your smart devices might be sending your current location data to some unknown stations. GPS navigators, smart home devices, Apple watch – whatever – you always risk being tracked. Privacy issues are of high concern nowadays, and that is totally justified by a number of potential dangers, connected with the data you often have to share.
Recently, Sarthak Grover and Roya Ensafi, a group of researchers from Princeton University, have investigated privacy vulnerabilities of several Internet of Things smart home devices by monitoring incoming and outgoing traffic. Turned out, many devices fail to encrypt big amounts of traffic they send and receive. The guys presented results of their research to the Federal Trade Commission at PrivacyCon with an implication that the Internet of Things is less secure than we expect. This made everyone think of the following issue: many smart gadgets developers appear to be startups, possessing not enough resources and expertise to provide fundamental security. It means – we should be careful.
The most notable of Sarthak and Roya’s findings was Nest thermostat, an advanced smart home device with a wide range of options and possibilities. According to the report, Nest thermostat disclosed the user’s zip code, home and weather station location data. After the researchers reported the bug, it was promptly fixed by Nest.
Transmitting such data without proper encryption is not so bad in itself, but it is rather risky since the information may be caught by criminals and used for various negative purposes.
Among the other devices, studied by Sarthak and Roya, is the Ubi smart speaker, which is reportedly leaking various sensor data, indicating whether the user is at home. Plus the PixStar smart photo frame, communicating with the public Internet without any encryption at all.
So the question is: how secure these IoT devices are and whether we can trust this popular technology in general. Certainly, IoT startups should pay due diligence to security issues. Hopefully, Google and Apple unified platforms will provide certain standardized security and communication parameters to IoT projects.
You may sign up our monthly newsletter to receive updates or news from our team.