Smart home devices collect a lot of data about our lives. But it’s fairly difficult to find out what specific data they harvest and who they transmit it to — at least, until now.
Researchers at Princeton University have developed a new piece of macOS software that can help people keep tabs on their smart home devices. As the researchers say on their website: “Our smart devices are watching us. It’s time for us to watch them.”
What Is It?
The app is called the Princeton IoT Inspector. In a nutshell, it monitors all of the IoT devices on a network, as well as their data collection — including how much data is collected, how often and to whom it’s being shared with. To do so, it takes advantage of a network monitoring technique, called ARP spoofing, usually used by hackers or bad actors to redirect traffic.
If you use a Roku streaming stick, for example, you may see that the device is contacting various servers in the background while you’re watching a show. While some of those servers will undoubtedly be owned by the streaming platform, others could belong to third-parties like data harvesters or marketing agencies.
And, in addition to figuring out where the data your devices collect is going, the Princeton IoT Tracker can also let you know whether or not that data is being encrypted.
You can use the Princeton IoT Inspector beyond your own smart home, too. Because it lists all of the IoT devices on a network, you could, for example, use it to sniff out potential hidden cameras at an Airbnb.
However, there are a few caveats to keep in mind about the software.
For one, Princeton notes that it will collect the network traffic data it monitors for analysis. While the data is anonymized, Princeton advises users to rename network devices that have your full name in its device name (since the university will be able to see that name).
It’s also a non-App Store app, which means that if you decide to use it you’ll need to go to System Preferences > Security > General to allow macOS to open it. If you’re concerned about security and have a bit of technical know-how, you can view the app’s source code on Github.