Are your home's smart devices leaking private data? Calgary researcher set to find out
International team looked at how IoT devices interact with home networks
If you've ever wondered if your phone is listening in on your conversations in order to target advertisements to you, a University of Calgary professor has your answer.
Joel Reardon, associate professor of computer science at the University of Calgary, says your phone is not listening — because it already has all the information it needs.
Reardon was part of an international team of researchers looking at how homes are increasingly interconnected with devices ranging from cameras to virtual assistants, and the resulting security and privacy threats from these devices being active on home networks.
Researchers looked at local network interactions between 93 IoT devices and phone apps. Their study suggests an inadvertent exposure of sensitive data by IoT devices within local networks using standard protocols such as Universal Plug and Play or multicastDNS.
WATCH | The U of C's Joel Reardon explains how these devices interact with sensitive data:
"What we've observed in the home network environment is that devices are freely communicating their device type and as well as identifiers, persistent identifiers such as serial numbers that don't change in the course of the life of the device," Reardon said.
"And that allows an entity who is scanning the home network to not only learn the types of devices users have in their home and the particular devices they've selected to use, but also can, in some cases, identify them uniquely and thereby build a fingerprint for a house."
Some devices were transmitting GPS co-ordinates to people who didn't have permission to view this data, he said.
Reardon added there are a number of data collectors looking for this type of information.
"It is, in my view, more valuable information because it is useful to, for instance, advertise to them more effectively and otherwise build the dossier of where people happen to be."
Researchers looked at how this data can be harvested by companies involved in surveillance capitalism.
"Basically, our focus was mostly on the side channels, which is basically a way of accessing data without you knowing that someone is accessing this data," said Narseo Vallina-Rodriguez, associate professor at IMDEA Networks Institute in Madrid, another researcher on this project.
He said many protocols for networks were created long before these types of apps existed.
"Smartphone apps didn't even exist in the 1990s when these protocols started to be designed," he said.
Reardon said they've shared their findings with manufacturers, and have received "positive responses from many of them."
With files from CBC News at 6