Most of the Internet of Things (IoT) devices used in smart homes encrypt traffic, but a passive observer (for example, an ISP or someone with access to a Wi-Fi network) can learn confidential user information Or its consumer behavior, by analyzing the metadata associated with the traffic of the IoT device.

To confirm this theory, a team of researchers from Princeton University (USA) conducted an experiment in which they analyzed the traffic intensity of four IoT gadgets for smart homes - a Sense electricity consumption monitor, a Nest Cam home camera, a smart WeMo socket and a smart speaker Amazon Echo.

According to scientists, to divide the recorded traffic into streams and associate each of them with a certain device is not so difficult. Based on the information received, an attacker can determine the user's sleep mode when he is at home or how often the virtual assistant Amazon Alexa.

The use of encryption alone can not be considered an adequate measure to protect the privacy of owners of "smart" houses. "A systematic solution to protect the privacy of consumers will require obfuscation or the formation of all smart house traffic to mask the variations by which you can determine the real behavior," the scientists noted, adding that such a decision should not negatively affect the performance of the IoT device and not require Modification of its software.

Researchers also proposed a number of security measures that manufacturers can implement to protect the privacy of users. Among them: blocking outgoing connections to prevent access to data from external devices; Encryption of DNS-requests, so that an attacker could not identify gadgets; Routing traffic through the VPN; Traffic masking.

Internet of Things (IoT) - a wide network of devices connected to the Internet, including smartphones, tablets and almost any "things" equipped with sensors: cars, industrial equipment, jet engines, oil rigs, wearable devices and Much more.