Researchers find a way to stop ISPs from spying on you via your smart devices

Shoddy security and possible privacy invasions — those are two risks that come along with owning a smart device. Even if you’ve taken additional steps to protect your privacy — such as putting your IoT devices behind a VPN — an ISP, or an adversary with capabilities similar to an ISP, can still use your smart devices to spy on you.

Fortunately, you can stop your ISP from spying on you via your smart devices, according to “Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic” (pdf), a Princeton University research paper by Noah Apthorpe, Dillon Reisman, Srikanth Sundaresan, Arvind Narayanan and Nick Feamster.

The attack on user privacy

The researchers found that an ISP or other passive network adversary could use metadata from IoT devices — even if the smart devices use encryption — to infer privacy-sensitive in-home activities. The attack on user privacy, spying on them via their smart devices, has two components: device identification and activity inference.

The smart home traffic rate metadata attack uses Domain Name System (DNS) queries to identify specific smart home devices from network traffic, followed by monitoring changes in IoT device traffic to determine what the user is doing in the privacy of his or her home.

The paper states:

We tested this attack on several commercially available smart home devices and found that all revealed potentially private user behaviors through network traffic metadata. Traffic rates from a Sense sleep monitor revealed consumer sleep patterns, traffic rates from a Belkin WeMo switch revealed when a physical appliance in a smart home is turned on or off, and traffic rates from a Nest Cam Indoor security camera revealed when a user is actively monitoring the camera feed or when the camera detects motion in a user’s home. The general effectiveness of this attack across smart home device types and manufacturers motivates the need for technical privacy protection strategies.

IoT devices used in smart home privacy attack experiment

The laboratory smart home setup for this research included seven popular IoT devices: Sense Sleep Monitor, Nest Cam Indoor security camera, Amcrest WiFi Security IP Camera, Belkin WeMo switch, TP-Link WiFi Smart Plug, Orvibo Smart WiFi Socket and an Amazon Echo.

Although this was a sampling of smart device types from various manufacturers, the researchers said, “Given the effectiveness of traffic rate privacy attacks on all tested devices, we believe that smart home owners should be concerned about traffic rate metadata across all types of smart home devices.”

Firewalling and tunneling smart home traffic; VPN doesn’t guarantee privacy

Most IoT devices won’t work without an internet connection, so “firewalling smart home devices from the internet is not an effective means of mitigating the problem of traffic rate metadata.” It also makes “the smart home network metadata privacy problem unavoidable because these smart devices necessarily connect to the Internet.”

Blocking traffic via a firewall to stop an ISP from snooping on traffic from smart devices would mean the IoT device has no need of cloud services for basic functionality. In the experiment, the researchers found that four of the seven devices in the smart home lab had limited functionality and three were completely unusable without an internet connection. For blocking traffic, the tradeoff of usability versus users’ privacy could change if developers separated streams needed for functionality.

All smart device traffic could be tunneled through a VPN, but the researchers found that an ISP or attacker could still see traffic rate patterns and pull off the metadata privacy attack.

The authors added, “Tunneling smart home traffic through a VPN makes the traffic metadata privacy attack considerably more challenging, but it does not provide guaranteed protection. We find that certain common device combinations and user activity patterns minimize the ability of a VPN to obfuscate smart home traffic metadata.”

How to prevent spying on the smart home

The researchers did find a fix; they used traffic shaping by independent link padding (ILP) to prevent successful smart home privacy attacks. ILP, they said, “prevents the metadata attack while preserving device functionality.” It involves shaping traffic rates, adding a small amount of “cover” traffic to hide device behavior from an ISP or adversary.

The paper describes several traffic shaping implementations, as well as the amount of high latency the IoT devices could tolerate and still function. The authors say traffic shaping by independent linkpadding “can be a cost-effective means to guaranteeing privacy.”

They found “that 40KB/s extra bandwidth usage is enough to protect user activities from a passive network adversary. This bandwidth cost is well within the internet speed limits and data caps for many smart homes.”

The authors concluded that “traffic shaping by independent linkpadding can effectively protect smart home privacy. Despite commonly held beliefs, traffic shaping can be deployed in smart homes without significantly decreasing network performance or increasing data costs.”