A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices.
The researchers noted that encryption alone does not provide adequate privacy protection for smart homes, as their analysis did not rely on deep packet inspection, just send/receive rates of encrypted traffic.
“A systematic solution for preserving consumer privacy would therefore require ob- fuscating or shaping all smart home traffic to mask variations that encode real world behavior,” they pointed out, and added that such a solution should ideally not negatively impact IoT device performance, should respect data limits, and should not require modification of proprietary device software.
The researchers are aware that each of these solutions is not currently ideal. For example, all the tested IoT devices have limited or no functionality when firewalled to prevent communication outside of the smart home LAN, and that’s something that definitely won’t work both for users and manufacturers.
