If You Have a Smart TV or IoT Devices, Your Home is Leaking Data

It’s been obvious for years that consumer devices cannot be trusted to secure user data, but there have been relatively few studies into exactly how poorly the modern ecosystem actually is. Researchers at Northeastern University and the Imperial College London have recently conducted a thorough analysis of 81 different IoT products to characterize what services they attempt to connect with, what communications can be inferred from these connections, and the degree of encryption used to protect customers. The highlights of our research findings include the following. Using 34,586 controlled experiments, we find that 72/81 devices have at least one destination that is not a first party (i.e., belonging to the device manufacturer), 56% of the US devices and 83.8% of the UK devices contact destinations outside their region, all devices expose information to eavesdroppers via at least one plaintext flow, and a passive eavesdropper can reliably infer user and device behavior from the traffic (encrypted or otherwise) of 30/81 devices.