Orome1 quotes Help Net Security: Even though many IoT devices for smart homes encrypt their traffic, a passive network observer — e.g. an ISP, or a neighborhood WiFi eavesdropper — can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker… “Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams revealed potentially private user interactions for each device we tested,” the researchers noted. [PDF] In addition, the article notes, “Separating recorded network traffic into packet streams and associating each stream with an IoT device is not that hard.”
Read more of this story at Slashdot.