We’ve mostly moved past the point where our Internet of Things devices leak private information to anyone watching via unsecured connections, but that doesn’t mean you can stop being afraid. Never, ever stop being afraid. To top up your paranoia reserves, a new study finds that internet providers can, if they so choose, monitor all kinds of things from your smart home’s traitorous metadata.
The paper, from a team at Princeton’s computer science school led by grad student Noah Apthorpe, gets straight to the point: “we demonstrate that an ISP or other network observer can infer privacy sensitive in-home activities by analyzing internet traffic from smart homes containing commercially available IoT devices even when the devices use encryption.”
It’s a pretty straightforward attack: the IoT devices often identify themselves voluntarily, usually by connecting to specific domains or URLs.