Is your refrigerator spying on you?

September 26, 2018 by Molly Callahan, Northeastern University
David Choffnes, assistant professor, Jingjing Ren, doctoral candidate, and Daniel Dubois, postdoctoral research assistant, work in the Mon(IoT)r Lab in the Interdisciplinary Science and Engineering Complex. Photo by Matthew Modoono/Northeastern University. Credit: Northeastern University

Millions of American homes contain devices connected to the internet that aren't computers. Yours is likely one of them.

If you have a TV that allows you to stream shows from online sites such as Netflix or Hulu; if you have a thermostat you can control with your phone; if you have a refrigerator that notifies you when it's time to buy milk; if you have a voice-activated digital assistant such as Alexa or Siri or Cortana, then you have a that's connected to the internet, also known as a .

The ecosystem of these smart devices is being called the "." And it's supposed to make life easier. If you can set your thermostat to kick on an hour before you come home, you'll save money on heat and be cozy as soon as you walk in.

But very little is known about which data these devices are collecting, and whether they stop when you're not using them.

So, are smart devices collecting data on us while they're supposed to be off? That's what Northeastern assistant professor David Choffnes and his colleagues are studying. And the answer, so far, appears to be yes.

There is an apartment on the sixth floor of the Interdisciplinary Science and Engineering Complex. Not just any old apartment, but a totally 21st-century apartment, packed with more than 80 smart devices. The list includes a smart microwave, rice-cooker, security system, lightbulbs, TV, and refrigerator, among other devices. The room is designed to mimic a regular home, albeit an extremely well-connected version of one.

Choffnes and his colleagues invite students to use the room however they'd like—to watch TV, heat up lunch, listen to music—and they collect the streaming out of it.

"It's not enough to set up a bunch of devices on a table; we needed to create a place where people could interact with these devices the way they would in the real world," Choffnes said. "By looking at the internet traffic, we can answer: Are these devices doing what you would expect? Which servers are they contacting when they connect to the internet?"

Choffnes is working with Jingjing Ren, a doctoral candidate; and Daniel Dubois, a postdoctoral research associate, to collect the data. They started by collecting everything, in order to get a baseline understanding of "what's normal and what's not," Choffnes said.

The data being beamed across the internet by these devices is, for the most part, strictly encrypted. This means Choffnes and his team can't see exactly which information is being communicated, just where it goes and when it's sent.

"That's a good thing because it means your data is protected from would-be eavesdroppers," Choffnes said. "It's bad because it means we can't see what it is, either."

But what they can see has potentially alarming implications.

"What we've found so far is that most devices are doing some kind of activity when they're not being used," Choffnes said.

With the proliferation of smart devices, including in offices and other public spaces, Ren said, the findings could have consequences even for people who don't have them at home.

"You could be in an environment you don't control, with these devices, and you should know what you're getting into," she said.  

It will take more testing and more collection until the researchers can tell where that information is being sent, and why it's being collected in the first place, but their focus is on privacy.

"We, as the users of these devices, ought to be more aware of what they're doing and when," Choffnes said. "You should know up-front the risks of these devices as you enter your home, and our goal is to find ways to protect users who don't want their information shared across devices."

As for the researchers themselves? Almost everything in Dubois' apartment is connected to the . Choffnes and Ren are a little more old school.

"These devices certainly have their usefulness," Choffnes said, regarding smart devices. "I'm just not sure they're for me."

Explore further: New tools to get your smartphone up to speed

Related Stories

Security flaw could have let hackers turn on smart ovens

October 26, 2017

A security flaw in LG's smart home devices gave hackers a way to control the household appliances of millions of customers, including the ability to turn on ovens, a computer security firm revealed on Thursday.

Is your smartphone spying on you?

July 6, 2018

Some popular apps on your phone may be secretly taking screenshots of your activity and sending them to third parties, according to a new study by a team of Northeastern researchers.

Smart home unit Nest is spun back into Google

February 7, 2018

Google is taking back Nest, the smart home unit of parent firm Alphabet, as part of an effort by the tech giant to battle rivals like Amazon and its Alexa digital assistant.

App vs. website: Which best protects your privacy?

September 12, 2016

That's the question that Northeastern researchers, led by assistant professor David Choffnes, ask in new research that explores how free app- and web- based services on Android and iOS mobile devices compare with respect ...

Recommended for you

Researchers engineer a tougher fiber

February 22, 2019

North Carolina State University researchers have developed a fiber that combines the elasticity of rubber with the strength of a metal, resulting in a tougher material that could be incorporated into soft robotics, packaging ...

A quantum magnet with a topological twist

February 22, 2019

Taking their name from an intricate Japanese basket pattern, kagome magnets are thought to have electronic properties that could be valuable for future quantum devices and applications. Theories predict that some electrons ...


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (2) Sep 26, 2018
I think end users should have the right to get a clear text log of communications. That would solve the 'behind their back' aspect of things. Failing that, there should be a complete description of what data is being sent to whom. This business of spying to monetize the consumer needs to be brought to heel. I'm the customer, not the product.
not rated yet Oct 10, 2018
And of course, one should always be able to turn the ratware off. (Simple with Ethernet, a bit harder to guarantee with wireless if these clowns are nefarious.)

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.