What was the study about?
Researchers from Northeastern University and Imperial College London have examined 81 Internet of Things (IoT) devices in the US and UK, including TVs, smart home hubs, smart speakers, doorbells, and appliances.
The researchers analyzed Smart TVs from popular vendors such as Samsung, LG, Phillips, etc as well as streaming devices such as Apple TV, Amazon's FireTV and Roku.
What did they find?
The analysis revealed that 71 out of 81 devices send user information to third parties including Netflix, Spotify, Microsoft, Akamai, and Google.
“We analyzed both unencrypted and encrypted content in this section. First, we found very limited sensitive or personal information exposed in plaintext—a welcome observation given the sensitivity of data potentially exposed by such devices. Second, we found that even when devices use encryption, the timing patterns of their network traffic permits reliable identification of the interactions that caused the network traffic. Put another way, an eavesdropper can reliably learn a user’s interactions with a device across a wide range of categories, opening the potential for profiling and other
privacy-invasive techniques,” researchers said in a paper titled ‘Information Exposure From Consumer IoT Devices’.