Home Data InspectorHelping users identify potential security and privacy vulnerabilities of their connected smart home devices
Many people use smart-home devices in their daily lives. From smart bulbs and plugs to TVs and kitchen appliances, we’re living in the age of the Internet-of-Things (IoT). While these devices can enrich our lives, they may also have negative impacts on our data security, or put our privacy at risk.
Many IoT devices are designed with poor security practices, such as using hard-coded passwords, lack of strong authentication, or not running updates. Devices could also be hacked, and an attacker could potentially control the devices or steal sensitive information. Further, having many IoT devices in the home can mean competition for limited bandwidth, which may degrade the overall performance of the home network.
Led by Innovation Lab Fellow, Danny Huang, Home Data Inspector (HDI) measures and visualizes these risks, both for you in your own home life, and for researchers to better understand the risks of IoT devices. HDI is an open-source software that you can download to inspect your home network and identify any privacy, security, and performance problems associated with your IoT devices.
Currently, HDI is an open source application that you can run on laptops or desktops (Iit does not work on tablets or smartphones). By using a technique known as “ARP spoofing,” this software monitors the network activities of all IoT devices connected to the home network (e.g., your “smart” appliances). For the more technically minded folks who would like to see the open source software, click here.
HDI is also a research tool – it can collect anonymized data that helps us better understand the universe of IoT devices — specifically, measuring and mitigating their security, privacy, and performance problems.
At a glance information
HDI is currently being tested and iterated on. As is, HDI can be installed by MAC users, can detect the devices in your home and tell you who your device is communicating with. It collects and shows you the following information:
- who the IoT device contacts on the Internet, and whether the contacted party is malicious or is known to track users
- how much data is exchanged (in terms of bytes per second) between the device and the contacted parties
- how often the data is exchanged
Later versions of HDI will also identify any privacy, security, and performance problems associated with your IoT devices.
There’s lots in store for the build out of HDI. We’ll continue A/B testing to determine the best UX/UI of HDI. In our next internal release, we will ask users to voluntarily contribute data to help us better understand the universe of IoT devices — specifically, measuring and mitigating their security, privacy, and performance problems.
For now, the milestones ahead include:
- PC Version. Add explanation
- More A/B Testing. Add explanation.
- Features & Customization. Add explanation
- Research the Landscape. Continue research on the broader ecosystem of IoT devices
You too can be an internal tester of HDI if you have a MAC computer. Steps to install are here.