Proving the Business Case for the Internet of Things

Princeton study finds smart home devices leak data

William Payne
January 20th 2016
A flaw in Google's Nest smart home thermostats has led the devices to transmit unencrypted location data of their users over the internet. 

The discovery was part of a study carried out by a security group at Princeton University. The group presented their findings at a talk at PrivacyCon held by the United States Federal Trade Commission. 

The researchers found that many home automation devices, not just those produced by Google, leak private information, with apparently little effort made to encrypt data.

The location data transmitted by the Nest thermostat is a zip code. Initially, the researchers believed that the data stream contained detailed latitude, longitude, and other information in addition to the zip code. However, other location data related to neighbouring weather stations, not the home. 

In their presentation, the study authors commented that the Google Nest device was one of the more secure home automation devices available on the market.

However, the revelation comes after news of bug in a software update to Google's Nest that caused the thermostat to crash, leaving many Nest owners with freezing homes. Google identified the problem and provided help quickly, providing instructions on how to reboot the device and the offer of home visits from an electrician for those who couldn't follow the instructions. 

The research group studied other devices, including an Ubi smart speaker that leaked sensor data that could be used to identify if the home was unoccupied.

Devices such as the Samsung SmartThings Hub encrypts data. However, the researchers found that many smart home devices do not have any encryption capabilities.