A new study released by Noah Apthorpe*, Dillon Reisman, Srikanth Sundaresan, Arvind Narayanan, and Nick Feamster, researchers at Princeton University reveals that many smart home devices when left on all the time can provide IPS with the usage information that may seem invasive to most.
The study demonstrates that an ISP or another network observer can access activities by analyzing “Internet traffic from smart homes containing commercially-available IoT devices even when the devices use encryption.” And that we have very little control how this information may be used and resold to since the reversal of the Broadband Privacy Rule by both Congress and the House. In other words, our data is up for grab for the highest bidder.
Home devices such as those beneath can increase your risks:
Since encryption isn’t enough, what else can you do? The researchers discovered that there are several successful strategies for mitigating the privacy risks associated with smart home device traffic. including blocking, tunneling, and rate-shaping. The experiment shows that traffic shaping can effectively and practically mitigate many privacy risks associated with smart home IoT devices.
Preventive measures include blocking, tunneling, and rate-shaping.
We find that 40KB/s extra bandwidth usage is enough to protect user activities from a passive network adversary. This bandwidth cost is well within the Internet speed limits and data caps for many smart homes.