Most people are skeptical about using a smart speaker or internet-connected smart devices just for security reasons. The fear of not knowing what information about you the devices are collecting, sharing and to who is the big problem.
In May 2018, a woman from Portland, Oregon found out that her Amazon Echo had listened to a private conversation she had with her husband and had it sent to her husband’s coworker. The couple didn’t realize until the recipient called, urging that the smart speaker be unplugged. The device had misunderstood the conversation and responded to what it thought was a request, Amazon said after investigating the matter. The mix-up may not be the primary security breach people are worried about.
A team of Princeton University scientists has developed a tool that can help people to spy just how much personal information smart devices send out. Called the IoT inspector, the software can track every transmission sent out into the world by a smart home device. Be it a smart TV, Amazon Echo, Apple HomePod, etc.
How Princeton IoT inspector spy smart speakers
The app uses Address Resolution Protocol (ARP) spoofing – a common hacking technique – to track down all transmissions. According to the team, the IoT inspector intercepts every activity on a WiFi network to monitor information being sent and to whom. Only available on Mac-devices (for now), the app lets you see which servers all the IoT devices contact, when they exchange data with an external server, and if those connections are secure, reports 9to5Mac. For instance, the app could track how much of your personal data goes to external servers, and which ad agencies or TV networks see what you watch on a smart TV.
The big deal is not that these devices share your personal information with marketers. There is a need to understand the extent and to whom.
Smart devices are not entirely watching us for a negative result. Detectives investigating the double murder of two women in Farmington two years ago couldn’t get any evidence until a judge ordered Amazon to turn in all voice recording made on the deceased Amazon Echo at that time.
By design, smart devices are always on and continuously transmitting data even when you are not using them. For instance, the volume of data transmitted from the Echo and the huge number of servers it contacts are not used by Amazon. While third-party data sharing is necessary to activate the services on any smart device, the manufacturers are not responsible for providing a mechanism that should help users track what information is shared and where.
Princeton IoT inspector may worth having to track records of your private information but that hasn’t solved the challenge surrounding giving up our frontier of private space to the world. It’s important to know but who is having your information but you can’t control how the data is going to be used.