Story image

Princeton study wants to know if you have a smart home - or a spy home

16 Apr 2019

The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.

A new study aims to analyse the risks of smart devices, from the humble smartphone right up to TVs, smart bulbs, plugs, sensors, smart speakers, Alexa, Google Home, Amazon Echo, security cameras, and any other internet-connected device used in the home.

Researchers want to explore risks in terms of their security and privacy, as well as bandwidth risk that could slow down the home’s internet connection.

The researchers are offering a tool called the IoT inspector, which is available to anyone who wants to participate in the research.

“Our goal is to measure and visualise these risks, both for research and for the user. To this end, we release IoT Inspector — an open-source software that you can download to inspect your home network and identify any privacy, security, and performance problems associated with your IoT devices,” the researchers state.

The IoT Inspector collects and transmits information about devices connected to the home network. The information includes:  Who the IoT device contacts through the internet and whether the contact is malicious or a known user tracker; how much data is exchanged; and how often data is exchanged.

That information is used to provide transparency into IoT devices, including whether those devices are sharing information with third parties; whether the devices have been hacked or used in DDoS attacks; and whether the devices are slowing down a home network.

The IoT Inspector doesn’t collect information about devices’ network activities, the contents of the communication, or personally identifiable information like network IP addresses, or names and emails.

Those who are keen to use IoT Inspector but want to exclude particular devices from monitoring must either power the devices down while setting up IoT Inspector, or specify the device’s exact MAC address. 

There may be a few side effects of running IoT Inspector on your device. Those effects include a drop in network performance (it may slow your network down); bugs and errors; and data breaches in the event that the university’s secure server is compromised. 

“An attacker will have access to this form and the collected data. However, the attacker will be unable to infer what IoT devices you own (because the attacker would not know the real-world identities behind each device), and what you do with your devices,” the researchers state.

IoT Inspector can only run on macOS at this stage – Windows and Linux users have to go on a Waitlist.  IoT Inspector can’t run on tablets or smartphones. If you’re interested, find out more by going to https://iot-inspector.princeton.edu/

Tech Data to distribute Nutanix backup solution in A/NZ
Tech Data will distribute HYCU Data Protection for Nutanix backup and recovery software to their network of partners across Australia and New Zealand.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.