A data scientist’s experiment reveals surprising information about interconnected smart devices
Taken from Flickr user CODE_n
By Lauren Kirchner
By arrangement with
How much does your smart home know about you? That was the question that Charles Givre, a data scientist at Booz Allen Hamilton, set out to answer in a recent experiment. Givre has an account on
Last week, at
The goal of his experiment, Givre said, was not to demonstrate security flaws in his devices, but to document the wealth of information that they amass through everyday use. To access his usage history, some accounts required verification keys; others only asked for Givre’s email address and password. He wrote programs to “ping” his devices to gather new information about what was going on in his home in real time, and to find patterns there. He noted that his smart devices seemed to transmit information securely on its way to the companies’ servers, “but most of the interesting stuff was in the cloud anyway.”
But customers may not always be aware of just how much information their devices are collecting about them in the first place.
As the trend toward networked “smart homes” and “connected cars” continues, security precautions are more important than ever. The Federal Trade Commission put out a
The account for Givre’s “
Interconnectedness, while convenient, is a trade-off. This portion of the experiment demonstrated how someone could “leapfrog” from one less-secure account to other accounts with more sensitive information. IFTTT collected his individual car trips in spreadsheets—including times, locations and even the exact routes he had taken—and protected this information only with an email address and password.
“If you were to start aggregating this over time, you could get a frighteningly accurate picture of pretty much where I am at any given time of day,” Givre said.
In fact, this data could also help build a character profile of someone. At the conference, Givre showed a graph of his car-trip frequencies by day of the week; there was a noticeable lack of activity on Saturdays. Why could that be? “I don’t roll on Shabbos,” Givre said, quoting “
When asked about Givre’s findings this week, a spokesperson from Wink emphasized that each customer can only access his or her own account information. “Users should not share their passwords with others or grant access to untrusted applications,” he wrote. A spokesperson from Nest wrote, “Customers have complete control” over what types of information developers would have access to, “and can stop sharing at any time.”
I think consumers need to understand that their relationship with their devices is fundamentally going to change
Buckley Slender-White, a spokesperson from Automatic, said Givre’s car’s VIN was only accessible to the app because Givre had opted to share it. As to Automatic’s sending his car trip information to IFTTT, Slender-White said, “importantly — that data is only accessible to the user and any app that they explicitly grant permission to.”
Smart home devices are part of an industry called the Internet of Things, which attaches data-collecting sensors to objects in order to track, measure or remote-control them. While the technology involved is not new, the industry is still young. Last summer, Ben Kaufman, the founder of Wink’s former parent company Quirky,
Lauren Kirchner is a senior reporting fellow at ProPublica