SoylentNews is people
SoylentNews
Submission Preview
‘Smart Home’ Warning: Major Study Exposes Alarming Security Threats
Is your smart home spying on you [studyfinds.org]?
International researchers are issuing a dire warning of security and privacy concerns lurking within smart homes. Led by IMDEA Networks and Northeastern University, scientists were able to demonstrate a variety of security and privacy threats due to the local network interactions of Internet of Things (IoT) devices and mobile apps.
As smart homes [studyfinds.org] continue to evolve, they encompass a wide array of consumer-focused IoT devices, including smartphones [studyfinds.org], smart TVs, virtual assistants, and CCTV cameras. These devices come equipped with cameras, microphones, and various sensors that can perceive activities within our most intimate spaces – our homes. However, can we truly trust these devices to handle and safeguard the sensitive data they collect?
[...] For the study, researchers delved into the intricacies of local network interactions among 93 IoT devices and mobile apps [studyfinds.org] and were able to unveil numerous previously undisclosed security and privacy concerns with real-world implications.
Contrary to the common perception that local networks are secure environments, the study highlights new threats linked to the inadvertent exposure of sensitive data by IoT devices within local networks using standard protocols like UPnP or mDNS. These threats include the revelation of unique device names, UUIDs (Universally Unique Identifiers), and even the geographic location of households. These can be exploited by companies involved in surveillance capitalism without the users’ knowledge.
“Analyzing the data collected by IoT Inspector, we found evidence of IoT devices inadvertently exposing at least one PII (Personally Identifiable Information), like unique hardware address (MAC), UUID, or unique device names, in thousands of real world smart homes,” explains study co-author Vijay Prakash, PhD student from the New York University Tandon School of Engineering. “Any single PII is useful for identifying a household, but combining all three of them together makes a house very unique and easily identifiable. For comparison, if a person is fingerprinted using the simplest browser fingerprinting technique, they are as unique as one in 1,500 people. If a smart home with all three types of identifiers is fingerprinted, it is as unique as one in 1.12 million smart homes.”
Anyone remember these tongue-in-cheek predictions [youtube.com] made 75 years ago?
