I started by conducting some research, reading articles, watching videos online which explore the issue in depth. Through this research I found that a group of users who were keen on spying on their IoT devices, existed, They used a range of tools developed by researchers. One tool in particular I found was Princeton's IoT inspector tool. This tool scans your Wi-Fi network and IoT devices, showing you who they are communicating with around the whole world. Before I started using Princeton, I attempted to user Wireshark but found it was quite complex and couldn't get my head around it in the little time I had. Wireshark required writing the code which extracts data from devices yourself, so I felt it was best I used IoT Inspector as this would be done automatically.
The tool itself did a decent job in exposing this, showing the data through a list showing all connections, a bar chart, x-axis showing time, y-axis showing amount of data.
As there was quite an interest in this type of tool, I decided maybe I could create my own tool. First I had to collect my own data. I used this tool and let it scan on my Wi-Fi network for a 24 hour period.
I have decided to focus on the number of bytes entering the device, leaving the device, the locations of the servers the device is communicating with, whether the data is secured HTTPS or unsecured HTTP. I now need to brainstorm visual methods of presenting this data, bearing in mind the constraints of a-frame.
The data collected could be viewed through the Princeton IoT Inspector Tool interface however, I could also download it all. This was returned in the form of a .json file containing literally millions of lines. But after spending time separating the file into pieces, I was able to understand the data. I used built-in excel functions to make my own interpretations. Whilst the tool did give an understandable overview of the data, I found that there was a lot of valuable data I could use in the file which wasn't represented clearly in the tool, for example, I could cross-reference pieces of data such as, get the total number of connections to a particular country, of which, how many unencrypted data packets sent to there.
Bibliography List:
GOV.UK. (2019). Code of Practice for Consumer IoT Security. Available at: https://www.gov.uk/government/publications/code-of-practice-for-consumer-iot-security (Accessed: 2 October 2019).
Narayanan, A. [@random_walker] (2019). When we watch TV, our TVs watch us back and track our habits. This practice has exploded recently since it hasn’t faced much public scrutiny. But in the last few days, not one but *three* papers have dropped that uncover the extent of tracking on TVs. Let me tell you about them. [Twitter] 27 September. Available at: https://twitter.com/random_walker/status/1177570679232876544 (Accessed: 2 October 2019).
Narayanan, A. (2019). When we watch TV, our TVs watch us back and track our habits. This practice has exploded recently since it hasn’t faced much public scrutiny […]. Available at: https://threadreaderapp.com/thread/1177570679232876544.html (Accessed: 2 October 2019).
Simpleoptout.com. (2019). Deep links to opt-out of data sharing by 60+ companies. Available at: https://simpleoptout.com/#samsung (Accessed: 2 October 2019).
Comments