The Nest Learning Thermostat can leak the users’ zip codes, and other smart home devices are equally vulnerable to hackers and eavesdroppers, scientists have recently determined.
The analysis was recently featured on the digital technologies platform Freedom to Tinker, and was also presented during the Federal Trade Commission’s PrivacyCon data security conference, on January 14.
Research was conducted by Sarthak Grover, doctoral student at Princeton University, and Roya Ensafi, fellow at the Center for Information Technology Policy.
The two experts bought several smart appliances, in order to assess how secure they were when connected to the home network, and how likely it was for the gadgets to transmit unencrypted data to the public Internet.
Among the devices were the PixStar FotoConnect HD digital photo frame, the Ubi “Voice of the Internet”, the Nest Learning Thermostat, as well as the Sharx Security Camera and the Samsung SmartThings Hub.
It was discovered that the latter list item was the most reliable when it came to protecting the user’s privacy, being able to integrate a multitude of smart gadgets without leaking any personally identifiable information about the user.
In contrast, the PixStar digital frame was riddled with security issues, all the data that it was sending to and fro being conveyed as plain text, with no encryption.
Similarly, the Sharx surveillance system was also proven to be at risk of being hacked, given the fact that the footage it records is being broadcast via a regular file transfer protocol, in the absence of a SSL encryption.
Therefore, the data showing the user’s house and surroundings can easily be intercepted by outsiders, putting individuals at risk of being spied on or even robbed.
In addition, vulnerabilities have also been identified regarding the Nest Learning Thermostat, a heating and cooling system which had long praised for its ability to adapt itself to the user’s schedule and daily needs, while also saving large amounts of energy by automatically shutting down in the homeowner’s absence.
Now, researchers have just proven that the appliance fails to encrypt the zip code that the user provides while setting up the thermostat.
This information is thus left out in the open, and so is the location of the local weather station that the gadget relies on when adjusting indoor temperatures.
When representatives of the hugely popular smart thermostat were informed regarding this security flaw, they were quick to dispel rumors that the device discloses the user’s actual location.
Confidential data such as the customer’s home address is transmitted through encrypted files, and the only information that can be easily accessed refers to the geoposition of remote or home weather stations.
Even so, it appears that the Internet of All Things may have a long way to go before it gives people the security and protection they seek, when attempting to turn their house into a smart home.
Despite appearing safe at first glance, many modern-day gadgets fail to encrypt all the content they send and receive, thus transmitting private and potentially sensitive information to third parties, while the user remains none the wiser regarding this dangerous data breach.
Image Source: Nest