Hostnames make especially mobile devices trackable and identifiable (Photo: XXX) Computers - including smartphones…
How IoT data streams can compromise privacy
The internet of things (IoT anm.d.Red.) Is a danger to the privacy of the users. This has recently resulted in a study by Princeton University. The Problem: Different IoT devices, such as security cameras or an Amazon echo, produce a fairly characteristic data stream. Thus, even encrypted data streams can reveal sensitive details when someone is analyzing network traffic accordingly.
“We were surprised at how easy it would be for a passive network observer to close encrypted smart home traffic on user behavior”
Write the authors of the study. As a result, the team comes through an analysis of the traffic of four devices, including a sleep monitor, a security camera, an Amazon echo, and a WeMo switch from Belkin that serves home automation.
Each of the sensor-fitted devices generates data streams with a particular characteristic profile. This profile remains recognizable despite encryption, so this means an information leak. If someone is monitoring the network and analyzing data streams, which is theoretically not difficult for the internet provider in question, this could thus read some of the encrypted IoT traffic.
The sleepmonitor tested, for example, reveals the sleep pattern, while at Amazon’s echo, the analysis clearly shows the traffic when the user asks the device a question. At first sight, this does not seem too serious if the question itself is encrypted. But the information alone could already tell you when someone used a particular device.
“We would not be surprised if many other currently available smart home devices have similar privacy vulnerabilities,” the study authors said.
They also emphasize that they have simply analyzed the data rates of encrypted traffic, but not data packets via Deep Packet Inspection. In order to protect privacy on the Internet of things effectively, technical tricks seem necessary. Even the use of solutions such as VPN tunnels could make the analysis of the data streams more difficult. A systematic solution for privacy protection would have to make it unrecognizable for traffic characteristics that ultimately give information about user behavior.