‘It’s time for us to watch them’: App lets you spy on Alexa and the rest of your smart devices

by - 4 min read

‘It’s time for us to watch them’: App lets you spy on Alexa and the rest of your smart devices

by - 4 min read

by

It’s no secret that our increasingly “smart” houses have become a rich source of data for companies. We know — in a general sense, anyway — that we are sacrificing some privacy for the sake of convenience.

Beyond just tablets and mobile devices, many of us have televisions we can talk to, and security cameras and even coffee makers that connect to our phone, not to mention home assistants like the Amazon Echo or Google Home, which are standing by to answer every random question that pops in our head.

According to Cisco Research, within the next few years there will be more than a dozen networked devices and connections per person in North America.

By design, these devices are always on, and always transmitting data.

However, what most of us don’t know, is exactly what kind of information all these networked appliances are gathering and who has access to it.

Now, researchers at Princeton University have designed a tool to help you figure out what all the smart devices in your home are really up to.

As they say on their website: “Our smart devices are watching us. It’s time for us to watch them.”

If you’re live-streaming a show on a Roku TV app, the channel you’re watching could be communicating with a dozen different advertising and tracking servers in the background. (Deyan Georgiev/Shutterstock)

The rationale behind the application, called the Princeton IoT Inspector, is that consumers should know where all the information being collected within their smart houses is being transmitted.

While users may understand that the trade-off in using these convenient devices is companies have access to the data they generate, they may not be fully aware of just how many different companies are linked to a single device.

“Do you have any idea what these … devices are doing?” the researchers wrote. “Who are they talking to? What are they sending?”

For instance, if you’re live-streaming a show on a Roku TV app, the channel you’re watching could be communicating with a dozen different servers in the background, the researchers say. The app is connecting to advertisers and tracking services, all of whom have a financial incentive to monitor who is watching what, when and for how long.

The Princeton IoT Inspector uses a technique known as ARP spoofing — which, it is worth noting, is usuallyused by bad actors trying to redirect traffic from a particular IP address so that they can gain access to it.

Once the app is downloaded onto your computer, the software monitors network activities of all of the smart appliances connected to your network. It shows what data each device collects, who the device contacts online, how much data is exchanged and how often.

Surprising results

The IoT Inspector reveals just how active these devices are — even when we’re not using them.

An Amazon Echo, for example, home to the digital assistant known as Alexa, maintains its network connection even if it has not detected the wake word and the microphone is turned off.

According to Amazon, there are several practical reasons for this, including routine maintenance activities, such as confirming the internet connection, downloading software updates and keeping accurate time.

In practice, this means the home assistant is checking in with Amazon servers — as well as web-hosting services, and apps the user is subscribed to such as Spotify or Apple Music — every few minutes.

It was recently reported that video feeds from people’s Ring security cameras are accessible to certain Amazon employees who may not require access to do their jobs. (Steve Marcus/Reuters)

“The smart home assistants are increasingly integrating with additional services and it’s going to be critical that they help ensure any partners are operating with confidentiality,” said Jules Polonetsky, chief executive officer of the Future of Privacy Forum, a Washington, D.C.-based advocacy group focused on data privacy issues.

The amount of data that is transmitted from an Echo, for example, and the number of destinations it is shared with, isn’t information Amazon makes readily available. While the terms of service do refer to third parties, and how information may be shared with those parties in order to perform certain tasks, Amazon provides no mechanism by which users can track what information is transmitted and where.

Although, to its credit, Alexa does respond to privacy questions, “although at a fairly general level,” Polonetsky said. “Alexa, are you spying on me?” gets a serious response.

When I asked the question, Alexa answered, “No I am not spying on you. I value your privacy.”

If that answer isn’t entirely reassuring, some recent news stories about what smart devices do with our personal data probably won’t help either.

Forinstance, Amazon employs thousands of people around the world to help improve the human speech comprehension of Alexa. As part of their job, those individuals receive transcripts of real conversations people have with their device.

It was also recentlyreported that the video feeds from Ring security cameras are accessible to certain Amazon employees who don’t necessarily need access to those feeds to do their jobs. 

Such stories, combined with the Princeton IoT Inspector’s findings, might make some users wary. After all, our homes are theoretically the final frontier of private space.

Or, at least they used to be.

This story originally appeared on CBC

Top