IoT devices in US & UK send user data to third-parties including Netflix, Microsoft, and Google

Recent research from the London based Northeastern University and Imperial College has revealed that several Internet of Things (IoT) devices including TVs, smart home hubs, smart speakers, doorbells, and appliances mostly used in the US and UK households send user information to third parties including Netflix, Spotify, Microsoft, Akamai, and Google.

The researchers analyzed 80 IoT devices and 71 among them (56 % of the US IoT devices and 83.8 % of the UK devices) were found to be exposing information to third-parties, with the most common data shared by IoT devices being the location data and IP addresses.

Almost all the smart TVs included in the study were found to share user data with Netflix. In the case of video doorbells, the video recordings are sent to its service provider based on movement sensors.

In their paper - ‘Information Exposure From Consumer IoT Devices’, the researchers stated that “We analyzed both unencrypted and encrypted content in this section.

First, we found very limited sensitive or personal information exposed in plaintext—a welcome observation given the sensitivity of data potentially exposed by such devices. Second, we found that even when devices use encryption, the timing patterns of their network traffic permits reliable identification of the interactions that caused the network traffic.

Put another way, an eavesdropper can reliably learn a user’s interactions with a device across a wide range of categories, opening the potential for profiling and other privacy-invasive techniques.” researchers said in a paper titled