Studies reveal privacy breaches in IoT devices

A joint study between Northeastern University and Imperial College London explored how Internet of things (IoT) devices routinely transmit sensitive data to various companies, usually without securing the data transfer and without informing end users properly. In a series of 34 586 experiments, the study analysed 81 popular smart TVs, streaming dongles, smart speakers, and video doorbells made by companies such as Google, Roku, and Amazon in the USA and the UK. The experiments explored, among others, the destination of user data, use of encryption, and whether there are unexpected leaks of sensitive information. According to the results, most devices collected information including IP address, device specs, usage habits, and location data. That data was then shared with third parties, regardless of whether the user had a relationship with those companies. In another related study, researchers from Princeton University and the University of Chicago analysed TV streaming devices manufactured by Roku and Amazon. Their study revealed that 89% of Amazon Fire TV channels and 69% of Roku channels contained trackers that collected information about viewing habits and preferences, along with other identifiers like device serial numbers and IDs and wi-fi network names. The study also reveals that the countermeasures available on these devices, such as limiting ad tracking options and ad blocking, are ineffective.