The Vulnerabilities of Smart Home Tech

image provided by pixabay

This post is also available in: עברית (Hebrew)

Our homes and home appliances are constantly getting smarter, getting upgraded, connecting to your WiFi, and using apps on your mobile phone. However, according to David Choffnes, associate professor of computer sciences at Northeastern University, this much interconnectivity comes with significant risk.

Smart home gadgets (also known as the Internet of Things) make people’s lives easier, but these items communicate with each other or over the internet in a way that we can’t see- according to Choffnes, some devices are sharing their location, which in turn allows other devices within their local network to locate them.

Choffnes and his team recently led new research that sheds light on the privacy and security flaws of this emerging technology category, for which they tested 93 IoT devices to see how they interact within a local network, with surprising and insightful results.

According to Techxplore, the researchers discovered that devices will scan their local network to figure out what is every other device in a user’s home, as well as security issues with how the mobile apps connected with these devices work. Choffnes explains: “On Android, mobile apps can get around permission restrictions that Android imposes, like access to geolocation or access to unique identifiers, by simply querying devices or sending messages to other devices on the home network and getting them to tell the app the same information that OS was keeping away from them.”

He adds that Google has acknowledged the team’s findings and is working with them to develop mitigation efforts. Choffnes further emphasizes that these systems do not have to operate in this manner and that devices can work interoperably without such big privacy and security risks.

The research team presents several potential solutions as part of the study, including calling for more standardization among these devices. Tinanru Hu, a doctoral student at Northeastern and a co-author of the research, says that companies haven’t been greatly incentivized to standardize and that one of the research’s goals is to inform the public about these issues.

“When more users know about the problem, they can motivate the companies toward the best privacy and security standardization efforts,” he concludes.