Smart home devices, even when their data is encrypted, can reveal a great deal of information about the activities of their users simply through their metadata and traffic patterns, according to US researchers.
“Examples of offline activities recorded by currently available smart home devices include sleeping patterns, exercise routines, child behaviours, medical information, and sexual activity,” say researchers from Princeton University in their academic paper Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic.
They explain that many smart home devices have always-on sensors that capture users’ offline activities in their living spaces and transmit information about these activities outside of the home, typically to cloud services run by device manufacturers.
Even if a smart home device is not designed to capture privacy-sensitive activities, such activities may indirectly influence information collected by device sensors, allowing them to be identified by inference techniques, say the researchers. Smart home traffic metadata is sufficient for a passive network adversary to infer sensitive in-home activities.
The researchers tested a number of devices, including the Nest security camera, recently introduced into Australia. It has a live streaming mode, in which its video is uploaded in real time to the cloud and can be viewed by the user through the Nest web/mobile app, and a motion detection mode, in which it records a snapshot of the video and alerts the user.
They say the predictable variability in network send/receive rates resulting from these two modes would allow an adversary to observe the presence and frequency of motion inside a smart home, creating significant privacy vulnerabilities and physical security risks even though the content of the video stream remains protected by encryption.
“It should not be possible for a third party to be able to determine when a security camera detects movement or is being actively monitored.”
The researchers propose what they say is a practical and cost-effective solution to the problem: traffic shaping by independent link padding. When traffic is shaped to match a predetermined rate or schedule, it cannot be correlated with any activity being reported by the device.
“For a relatively low cost, traffic shaping can give a consumer strong guarantees of smart home privacy without interfering with the basic functioning of smart home devices.”
They say this could be implemented in a hub or router, simultaneously shaping the traffic from all smart home devices.
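The shaping idea described above, as a small simulation (an added example, not code from the paper or the researchers): a constructed per-second byte trace for a hypothetical camera is padded to a constant rate, and a simple rate-threshold check stands in for the passive observer. The trace values, the shaping rates and the function names are assumptions made for illustration.

```python
import statistics

# Constructed trace: bytes/s a camera wants to send; motion at 10-12 and 30-31.
DEMAND = [2000] * 60
for t in (10, 11, 12, 30, 31):
    DEMAND[t] = 40000

def shape_ilp(demand, rate):
    """Pad per-second demand to a constant `rate` (independent link padding).

    Returns (wire, padding, max_backlog, backlog): bytes an observer sees each
    second, cover bytes added each second, the largest queue of delayed real
    bytes, and the queue left at the end of the trace.
    """
    wire, padding, backlog, max_backlog = [], [], 0, 0
    for wanted in demand:
        backlog += wanted               # real bytes waiting in the shaper queue
        real = min(backlog, rate)       # never exceed the fixed schedule
        backlog -= real
        wire.append(rate)               # the link always carries exactly `rate`
        padding.append(rate - real)     # remainder is filled with cover bytes
        max_backlog = max(max_backlog, backlog)
    return wire, padding, max_backlog, backlog

def motion_seconds(trace, factor=3):
    """Observer stand-in: seconds whose rate exceeds `factor` x the median."""
    baseline = statistics.median(trace)
    return [t for t, seen in enumerate(trace) if seen > factor * baseline]

if __name__ == "__main__":
    print("unshaped, flagged seconds:", motion_seconds(DEMAND))
    for rate in (8000, 40000):
        wire, padding, max_backlog, left = shape_ilp(DEMAND, rate)
        overhead = sum(padding) / sum(DEMAND)
        print(f"rate={rate}: flagged={motion_seconds(wire)} "
              f"overhead={overhead:.2f} worst delay={max_backlog / rate:.0f}s "
              f"undelivered={left}")
```

In this simulation a rate below the burst peak hides the motion events at the cost of queuing delay, while a rate equal to the peak removes the delay and raises the padding overhead.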
The researchers make the point that the privacy threat of traffic metadata analysis will continue to grow along with the market for IoT smart home devices, and express the hope that growing consumer awareness of the privacy risks created by their smart home devices will lead to consumers pressuring manufacturers to adopt measures such as traffic shaping to protect their customers’ privacy.
However, they add that “improved regulation of ISPs and other passive network observers may also be necessary to offset the unique privacy challenges posed by IoT devices.”