September 21, 2019 at
According to recent research, the beloved
Smart TVs, which allows us to enjoy Internet-based content in the comfort of
our rooms, are helping notable tech companies such as Google, Netflix, and
Facebook by feeding them essential user data.
Those companies, plus several more, are known
for their privacy-invasive practices that, on occasions, can become annoying
and even dangerous. In this case, Smart TVs are leaking user information that
is considered sensitive and private.
Per a report from the Financial Times, some Smart TV models and sets manufactured and sold by prominent companies in the tech industry, such as LG, Samsung, and Apple, as well as other streaming machines and devices such as Roku and Amazon FireTV, are currently sending private data without the consent of the users.
A Disturbingly High
The study was performed by specialists and
researchers from Northeastern University and Imperial College London. The
academics looked at 81 different IoT devices in the United States and the
United Kingdom, including home appliances and Smart TVs.
The final paper had “Information Exposure
From Consumer IoT Devices” as a title, and the results were pretty
disturbing: nearly 35,000 experiments concluded that out of the 81 total
devices, 71 of them are sending customer data to other entities in addition to
the manufacturer of the appliance.
Of the tested devices, over 56% of those in the United States leak data to other agents, and an astonishing 83.8% of the UK’s appliances and hubs will do it, as well. All the devices that underwent the test will send data through plaintext flows.
It doesn’t matter if the data sent is
encrypted or not: in nearly half of the cases, 30 out of 81 to be exact, the
person’s behavior and trends can be detected via eavesdropping, including the
data we share with our smart TVs and other IoT-powered appliances.
Location and IP Address
The most commonly leaked pieces of information
were real-time and precise location and IP numbers, which are usually sent to
external agents and companies such as Microsoft, Google, Spotify, Akamai, and
Netflix by our own IoT gadgets and appliances.
All of the previously mentioned companies implement or offer to its customers’ cloud technologies, which the appliances in question often use for connectivity purposes. That situation paves the way for the easy eavesdropping.
In the specific case of smart TVs, the vast majority of the tested devices would leak information to Netflix. That itself isn’t surprising: the fact that it still happens whether the device in question has an account there or not is, however.
The researchers arrived at the conclusion
that, at minimum, our Smart TVs can leak our information to Netflix about the
specific model of the TV.
Numerous countries are currently debating the
role of big tech companies in user privacy and data property. The results of
this particular study will surely heat up the discussions about the potential
privacy issues associated with the IoT devices we use every day.
The document published by the researchers
noted, however, that while encryption is often implemented to prevent spies and
eavesdroppers from knowing the shared information, it also represents a barrier
to the staff trying to determine the exact data that was being passed to third
A Common Practice
Facebook officials have stated that it is a
common practice that comes with access to the social network included to feed
data to external agents and companies, while Netflix observed that there is;
indeed, data being sent to them but it is used to determine how the platform
looks and performs.
According to Google, each user may configure
the preference and consent levels on how they manage data being shared to them,
and that it is mostly used to customize ads.
For those people interested in knowing whether
their Smart TVs or IoT devices are leaking information to other companies,
researchers at the Princeton University created an open-source tool dubbed IoT
inspector, which implements ARP spoofing to assess the level of connectivity of
each appliance and how much data is being leaked.