There are a number of new hardware network security products hitting the market. Some replace your existing WiFi router, and others are inserted in the network between the ISP broadband box and your WiFi router. The hardware ranges in price between $99 and $250, and they all require ongoing subscriptions that range from $99 – $130 / year.
These devices help with things like protecting you from some of the security vulnerabilities associated with Smart Home devices, provide parental controls, VPN’s for mobile devices, examine packet level data for virus signatures, MAC filtering of black listed devices, et. All this inarguably makes your network more secure, but how much does it help protect your privacy? Some – but not much.
Gartner predicts there’ll be 26 billion IoT devices deployed by 2020. Many of these are designed for commercial market applications and are making their way into our homes. These devices and gadgets can be cool, handy, even live saving; buy they’re not loyal. Never forget that you may be buying the hardware, but the manufacturer is only letting you use the software through an EULA (End User Licensing Agreement). They own the software, and in connected applications, they have can control it as well.
Ever try to read a contemporary EULA before accepting it? First, it’s nearly impossible due to the sheer volume of words, and second, the meaning is obfuscated in all the legalese. It’s nearly impossible to know what you’re agreeing to.
“No ticky, no laundry”: A growing number of SmartTV manufacturers will retard functionality if the end users don’t connect to the network and accept their T’s & C’s.
Most IoT systems are architected to include a cloud component, minimally they have regular communications with their mother-ship. All with the best of intentions.
In August 2017, researchers from Princeton University published an academic paper entitled “Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic”. In the paper, they report how Smart Home devices can be identified and the traffic patterns observed to allow the observer to make well educated guesses about what’s being communicated. Potential observers include ISP’s, WiFi eavesdroppers, and state-level surveillance entities.
I’m a proponent of the IoT revolution, but as with most things it’s caveat emptor. It’s important to remember that these devices serve you but they also have other masters, and their chatter alone can give away information about you. My advice is to use them with a degree of situational awareness to the privacy issues, and exercise your ultimate authority by disconnect them from the network when they’re not in use.