Is Your Broadband Provider Spying On You Through Your Smart-Connected Devices?
Now that we’re all connected all of the time through smart phones, tablets, watches, TVs and even kitchen appliances, concerns over data security and privacy have never been more pressing. We don’t all read the terms and conditions or make changes to the privacy settings in the devices and apps we use, nor do we check what are smart-connected devices are up to in terms of transmitting information. This could lead to our private information being sold, our identities stolen in order to commit fraud and marketers finding more ways to target us with their advertising.
It may seem paranoid to suggest that your devices are spying on you, but this is a situation suggested by the findings a new study on smart-connected devices in the home.
How many Internet of Things smart-connected devices do you have in your home?
A new piece of important research from Princeton University in the U.S. looked at the kinds of data which might be revealed in normal home using smart-connected devices. Researchers set up a test home for the experiment, which was connected to seven Internet of Things (IoT) devices including indoor security cameras, smart light switches and sockets and baby sleep monitors.
If you haven’t encountered it before, IoT is a term used to cover any device or sensor which uses the internet to operate, to transmit information or communicate. A surprising number of devices in modern homes use the internet, from fridges to energy monitoring equipment such as thermostats. Research by Gartner estimates that by the end of 2017, there will be 8.4 billion such devices – an increase of 31% compared to last year. By 2020, we could see an enormous 20.4 billion IoT devices in operation.
ISPs could be using IoT devices to gather data
The Princeton team found that four of the seven IoT devices placed in their test home could be detected and identified by internet service providers (ISPs). Features such as how they connect to the internet can help with this identification and once ISPs know what the device is, they can use it to gather data on how and when someone accesses the connection. This data can be collated to build up a picture of our private internet habits, information which could then be passed on to third parties and advertisers.
In terms of whether or not this is legal, the picture is a little unclear. The EU and UK are understood to be bringing in new laws to protect data gathered from Internet of Things devices, but under U.S. law – broadband providers appear to have free rein to sell or share these insights collected about your internet habits.
Commenting on the findings, the researchers said:
“The privacy threat of traffic metadata analysis will continue to grow along with the market for IoT smart home devices.
“In this paper, we demonstrate that a passive network adversary can infer private in-home user activities from smart home traffic rates and packet headers even when devices use encryption.
“We find that many commercially-available smart home devices do not function without network connectivity.
“This makes the smart home network metadata privacy problem unavoidable because these smart devices necessarily connect to the Internet.”
What use is this data?
You might think that it doesn’t matter if your broadband provider or other third party knows when and how often you access the internet. However, your privacy could be being breached depending on the device you use to connect to the internet. For example, the study found that:
- Sleep monitors can be used to track a user’s sleep patterns – knowing when you go to bed and get up can help advertisers to know the best times to target with advertising
- Motion-activated wi-fi security cameras could potentially alert ISPs when movement is detected – providing data on when you and your family are most active in the home as well as when you typically go to bed
What you can do to protect yourself?
If all this sounds more than a little creepy, don’t panic. There’s no need to shut off all of your smart-connected devices and lock yourself in your bedroom. The research team at Princeton has a handy tip to help you put up a defence against this kind of activity until it is made officially illegal.
They advise running your internet traffic through a Virtual Private Network or VPN. A clever feature of doing this is that you can request that the network records your internet history and plays back the same traffic whenever there is no activity (i.e. when you’re out at work or in bed). This can mask your habits and confuse your ISP so that no accurate patterns will emerge, but it does have the drawback of potentially slowing down your connection.
Other tips include:
- Switching off internet connected devices unless you actually need them running
- Checking what devices actually do connect to the web – as some may surprise you
- Take some time to review your privacy settings on the apps, websites, platforms and devices you use most often. Your phone, tablet and social media accounts are an excellent place to start. Spending just a few minutes of your time could ensure that your private information is protected at home and when out and about.
You can also check for other unwanted spying activity using bug detectors and by securing your smartphone with the very best smartphone security software. Online Spy Shop’s phone and tablet security section is a good place to start if you suspect that your settings aren’t as secure as they should be or that someone has gained unauthorised access to your phone. You can use security software to carry out deep-level cyber analysis to ensure your device is completely clean of malware, spyware and other malicious bugs, as well as detecting when someone is trying to remotely eavesdrop on your calls.