Internet of Things (IoT) 11 May 2017

A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic


The increasing popularity of specialized Internetconnected devices and appliances, dubbed the Internet-of-Things (IoT), promises both new conveniences and new privacy concerns. Unlike traditional web browsers, many IoT devices have always-on sensors that constantly monitor fine-grained details of users’ physical environments and influence the devices’ network communications. Passive network observers, such as Internet service providers, could potentially analyze IoT network traffic to infer sensitive details about users. Here, we examine several commercially-available IoT smart home devices and find that their network traffic rates reveal potentially sensitive user interactions even when the traffic is encrypted. These results suggest technical approaches for protecting IoT device owner privacy and indicate that IoT-specific concerns must be considered in the ongoing policy debate around ISP data collection and usage.

  • Apthorpe thumbnail
  • Apthorpe thumbnail

Related Resources

Building Trust 31 August 2020

Policy Toolkit on IoT Security and Privacy

The Policy Toolkit on IoT Security and Privacy is a practical resource for policymakers and regulators to strengthen the...

Building Trust 1 November 2019

Security Factsheet: Keeping Your Workplace Safe Online

For many of us the Internet is a staple in our day-to-day lives – especially at our jobs. But...

Internet of Things (IoT) 19 September 2019

Policy Brief: IoT Privacy for Policymakers

Introduction The Internet of Things, or IoT, is the latest wave of integration of technology into our lives and...