We’ve long talked about the risks and rewards of technology, especially IoT devices in the home. For every cool gadget, there’s a chance your information will get hacked or tracked.
Last year, Congress thought it would be fun to give Internet Service Providers (ISPs) power to spy on customer internet usage data and sell it. Which means your ISP can see all the data from your smart devices and profit from selling you out to third parties.
Some folks at Gizmodo decided to conduct an experiment to see how much data can be tracked from smart homes.
Back in December, Gizmodo senior reporter Kashmir Hill set up just about every smart device imaginable in her apartment including an Amazon Echo, smart TV, smart lights, toothbrushes, baby monitor, and even a mattress.
Hill’s colleague Surya Mattu, Gizmodo data reporter, configured a router to track the device’s network activity and give the duo the same view as Hill’s ISP.
They found that since the router’s installation in early December 2017, there was not a single day without activity from the router.
At least once a day, at least one of the smart devices sent data packets to the ISP, manufacturer, or third parties. If Hill told the living room to turn on the lights, Phillips got alerted. If the family watched something on Hulu, the smart TV sent information to data brokers.
Every action could be (and in most cases was) tracked and recorded, creating a vast data set about Hill’s daily routines and schedules.
Routine tracking may seem mundane since right now most of the data isn’t being used, just monitored and recorded. However, this data may have more impact in the future.
We already have car insurance companies that offer discounts for safe driving if you use their driving monitors. Cybersecurity expert David Choffnes points out we’re not too far from a world where smart toothbrushes may connect to dental insurance rates and discounts. We’ve explored how smart watches and even browser history could impact your health insurance rates and insurability. Right now it’s all theoretical, but the bones are there to create a tech-inspired Frankenstein.
Plus, it’s inherently creepy to think that an ISP could deduce your family’s schedule based on use of smart devices.
So how can you spy back to see what kind of data is being reported?
Well, for starters you’ll need to have some computer knowledge. Or a pal who is willing to help you out in your endeavor to be a smart home spy.
For the Gizmodo experiment, Mattu built a customized router using a Raspberry Pi 3, which is a tiny computer you can custom program. If you want to replicate their test, these run around $35 for a single board.
Fortunately, the Raspberry Pi 3 comes with built in wifi hardware so it should be fairly easy to configure it as a router if you already know how to use one.
Once connected to the internet and set up as a wifi router, you’ll add the script to monitor network traffic. For this part, you need an understanding of Git and Github.
Next, set up a server so you can store traffic. Mattu and Hill used Amazon Web Services, but you can use your own server if you want. They also crafted a front-end interface to analyze the data.
Note the times when you connect and use the devices for easier analysis. If you want more details about setting up your very own smart home data traffic monitoring router, check out their article.
Some of the information collected from the devices may seem trivial. After all, what does it really matter if Philips knows what time you get up in the morning? Hill noted the data being sent is “basic, boring, information, but revealing information about how we live our life.”
This data could start to matter if companies and ISPs use your information control how you use their devices and how products are sold to you.
TV watching data is already being sold to data brokers. It’s just a matter of time before your sleep score from a smart mattress gets reported to your health insurance to determine coverage or something equally Big Brother-like.
Smart homes are predicted to be a $27 billion market by 2021, with an unprecedented number of new devices in our homes. Before rushing out to get the latest smart device, make sure you’re fully aware of what data you may be inadvertently sharing with companies.
Check out different products’ privacy policies before buying to make sure you’re cool with what information the device will be sending. And if you don’t want your ISP to know how often you make lattes, maybe opt for a coffee maker that isn’t wifi-enabled.