
Spy on your smart home with this open source research tool – TechCrunch


Researchers at Princeton University have built a web app that lets you (and them) spy on your smart home devices to see what they’re up to.

The open source tool, called IoT Inspector, is available for download here. (Currently it’s Mac OS only, with a wait list for Windows or Linux.)

In a blog about the effort the researchers write that their aim is to offer a simple tool for consumers to analyze the network traffic of their Internet connected gizmos. The basic idea is to help people see whether devices such as smart speakers or wi-fi enabled robot vacuum cleaners are sharing their data with third parties. (Or indeed how much snitching their gadgets are doing.)

Testing the IoT Inspector tool in their lab the researchers say they found a Chromecast device constantly contacting Google’s servers even when not in active use.

A Geeni smart bulb was also found to be constantly communicating with the cloud — sending/receiving traffic via a URL (tuyaus.com) that’s operated by a China-based company with a platform which controls IoT devices.

There are other ways to track devices like this — such as setting up a wireless hotspot to sniff IoT traffic using a packet analyzer like Wireshark. But the level of technical expertise required makes them difficult for plenty of consumers.

Whereas the researchers say their web app doesn’t require any special hardware or complicated set-up so it sounds easier than trying to go packet sniffing your devices yourself. (Gizmodo, which got an early look at the tool, describes it as “incredibly easy to install and use”.)

One wrinkle: The web app doesn’t work with Safari, requiring either Firefox or Google Chrome (or a Chromium-based browser) to work.

The main caveat is that the team at Princeton do want to use the gathered data to feed IoT research — so users of the tool will be contributing to efforts to study smart home devices.

The title of their research project is Identifying Privacy, Security, and Performance Risks of Consumer IoT Devices. The listed principal investigators are professor Nick Feamster and postdoctoral researcher Danny Yuxing Huang at the university’s Computer Science department.

The Princeton team says it intends to study privacy and security risks and network performance risks of IoT devices. But they also note they may share the full dataset with other non-Princeton researchers after a standard research ethics approval process. So users of IoT Inspector will be participating in at least one research project. (Though the tool also lets you delete any collected data — per device or per account.)

“With IoT Inspector, we are the first in the research community to produce an open-source, anonymized dataset of actual IoT network traffic, where the identity of each device is labelled,” the researchers write. “We hope to invite any academic researchers to collaborate with us — e.g., to analyze the data or to improve the data collection — and advance our knowledge on IoT security, privacy, and other related fields (e.g., network performance).”

They have produced an extensive FAQ which anyone thinking about running the tool should definitely read before getting involved with a piece of software that’s explicitly designed to spy on your network traffic. (tl;dr, they’re using ARP-spoofing to intercept traffic data — a technique they warn may slow your network, in addition to the risk of their software being buggy.)

The dataset that’s being harvested by the traffic analyzer tool is anonymized and the researchers specify they’re not gathering any public-facing IP addresses or locations. But there are still some privacy risks — such as if you have smart home devices you’ve named using your real name. So, again, do read the FAQ carefully if you want to participate.

For each IoT device on a network the tool collects multiple data-points and sends them back to servers at Princeton University — including DNS requests and responses; destination IP addresses and ports; hashed MAC addresses; aggregated traffic statistics; TLS client handshakes; and device manufacturers.
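To make the record types listed above concrete, here is an added example (not IoT Inspector's code) that turns a few constructed flow records into a per-device summary with hashed MAC addresses, DNS names, and per-endpoint byte totals. The HMAC scheme, the `INSTALL_KEY` secret, the function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample flows (not real captures):
# (device MAC, DNS name resolved, remote IP, remote port, bytes transferred)
FLOWS = [
    ("02:00:00:aa:bb:01", "cast.example.com", "203.0.113.10", 443, 1800),
    ("02:00:00:AA:BB:01", "cast.example.com", "203.0.113.10", 443, 2200),
    ("02:00:00:aa:bb:02", "tuyaus.com", "198.51.100.25", 8883, 640),
    ("02:00:00:aa:bb:02", "tuyaus.com", "198.51.100.25", 8883, 610),
    ("02:00:00:aa:bb:02", "time.example.net", "192.0.2.44", 123, 90),
]

# Assumption: a secret generated once per installation and never uploaded.
INSTALL_KEY = b"constructed-per-install-secret"


def hash_mac(mac: str, key: bytes) -> str:
    """Keyed hash of a MAC address.

    A MAC has only 48 bits (24 once the vendor prefix is known), so a plain
    unkeyed hash can be reversed by enumeration; HMAC with a secret key cannot.
    """
    normalized = mac.lower().replace("-", ":")
    return hmac.new(key, normalized.encode(), hashlib.sha256).hexdigest()[:16]


def summarize(flows, key):
    """Aggregate flows per hashed device: DNS names seen and bytes per endpoint."""
    acc = defaultdict(lambda: {"dns": set(), "endpoints": defaultdict(int)})
    for mac, name, ip, port, nbytes in flows:
        device = acc[hash_mac(mac, key)]
        device["dns"].add(name)
        device["endpoints"][(ip, port)] += nbytes
    return {
        dev: {"dns": sorted(d["dns"]), "endpoints": dict(d["endpoints"])}
        for dev, d in acc.items()
    }


if __name__ == "__main__":
    for dev, info in summarize(FLOWS, INSTALL_KEY).items():
        print(dev, info["dns"], info["endpoints"])
```

Even with the MAC hashed, the DNS names and endpoints in such a summary still describe what the device talks to, which is why the FAQ's privacy notes matter.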

The tool has been designed not to track computers, tablets and smartphones by default, given the study focus on smart home gizmos. Users can also manually exclude individual smart devices from being tracked if they’re able to power them down during set up or by specifying their MAC address.

Up to 50 smart devices can be tracked on the network where IoT Inspector is running. Anyone with more than 50 devices is asked to contact the researchers to ask for an increase to that limit.

The project team has produced a video showing how to install the app on Mac:


Google isn’t moving Legacy G Suite users again, despite admin console warnings


Grandfathered-in “Legacy G Suite” users got a scare recently when another new “transition” message started popping up in the Google Admin console. “The transition to Google Workspace has started,” said the new message that suddenly appeared in people’s accounts. This was after Legacy G Suite users went through a contentious transition last year, where Google’s opening position involved shutting down their accounts if people didn’t start paying, but eventually, it was talked into not doing that. A Google spokesperson tells us the Workspace transition message was “a bug that surfaced an old banner from earlier in the process last year, and our team is working on removing it. More changes are not happening at this time, and those who previously opted-in for personal use are not expected to take any further action.”

We’ve received a few questions about this message, and this Reddit post has people wondering what the deal is, but it’s just a bug. That’s great because Legacy G Suite users have gone through enough already. To recap, Google currently offers businesses the option to pay a monthly fee for a Google/Gmail account that ends in a custom domain name instead of @gmail.com. Today this is called “Google Workspace,” but due to Google’s constant rebrands, it was first called “Google Apps for your Domain,” then “Google Apps,” and then “G Suite.” Google’s custom domain service was not always paywalled and not always exclusively aimed at businesses—it was free from 2006 to 2012. Google even pitched these accounts to families as a way to let everyone have similar email addresses. Some people did so, which means today they are getting a paid service for free.

Don’t believe a word of this message.

Last year, the Google accounting department turned its Eye of Sauron on these long-term users and threatened to take away their nearly 16-year-old accounts if they didn’t start paying a business rate for these formerly free and not necessarily business accounts. After a public outcry, Google eventually left these “Legacy G Suite accounts” alone after making users confirm that they were using their accounts for “non-business” purposes. After that, everything was settled.

Legacy G Suite users are specifically not a part of “Workspace,” which is a paid service. So this new message that popped up yesterday suggests they would have moved to another new service. Even though Google says it’s an error that users could see this message, actually following the prompt would lead you to another error message about “Google Workspace for personal use” which is a product that does not exist. Workspace has tiers like “Business Starter,” and grandfathered-in users are on “Legacy G Suite”, but “Workspace for personal use” is not a thing. Apparently, this was all the beta branding for the original plan last year, and somehow it all got published yesterday.

“Google Workspace for personal use” is not a thing that exists.

Google Workspace for personal use would be a great product for Google to sell, by the way. We’ve complained before that while Apple and Microsoft both sell custom domain email services to consumers at a reasonable rate, Google does not, only offering business email at much more expensive rates. A big part of the Legacy G Suite problem is that these personal users have nowhere to go inside Google.


Apple Q1 earnings miss the mark almost across the board

Apple CEO Tim Cook.

Apple reported its earnings for Q1 2023 today, and it was one of the company’s poorest-performing quarters in recent years. It was the company’s biggest decline since 2016 and the first since 2019. Overall revenue was down more than 5 percent year-over-year as the company failed to match sales from the same quarter last year across most of its hardware categories.

iPhone revenue was $65.78 billion for the quarter, down 8.17 percent year over year. Similarly, “Other Products”—which includes the Watch, AirPods, and some other outliers—was down 8.3 percent year over year at $13.48 billion. The real underperformer was the Mac, which was down almost 30 percent at $7.74 billion.

The two parts of the business that did grow were services—which include things like Apple Music and TV+, iCloud, and AppleCare—and the iPad. Services were up 6.4 percent at $20.77 billion, while the iPad grew 29.66 percent to $9.4 billion.

CEO Tim Cook said in the company’s earnings call that Apple faces a “challenging macroeconomic environment.” Besides that, he named two other main factors behind the down quarter: production and supply issues in China and a strong US dollar. Apple struggled to meet consumer demand across many of its products, with shipping sometimes running several weeks behind. Cook said that while Apple might have met analysts’ estimates had the supply issues not been a factor, it’s impossible to know for sure.

On the bright side, Apple says it has resolved many of those supply problems for now and that there are now 2 billion active Apple devices in users’ hands worldwide. And obviously, $117.15 billion in revenue for the quarter is still huge, even if it didn’t meet expectations or match last year.

Apple declined to give guidance on what it expects for the next quarter. It has not done so for any quarter since the pandemic began in 2020.


Razer’s $280 mouse is covered in gaping holes

There are a lot of cookie-cutter mice out there that, although made by different manufacturers, have the same shapes and features but rely on mild changes in color or sensor specs to differentiate themselves. So when Razer announced the Viper Mini Signature Edition (SE) today, a wireless mouse that looks like it forgot to get dressed, we took notice.

The Viper Mini SE uses a magnesium alloy chassis “exoskeleton,” as Razer describes it. Lines of dark gray stretch across the mouse’s palm area, creating a web-like design and bold, gaping holes. Razer’s using an extreme take on the honeycomb design, which has holes drilled into a mouse’s chassis to reduce weight. However, the typical honeycomb mouse, like the Glorious Model I, has many more holes that are smaller, while the Viper Mini SE has holes that are so big, it looks like you could poke your finger through them.

It’ll be easy for dust to fall into those openings.

At first look, I’m immediately concerned about the mouse’s durability. Despite what Razer claims, I still think I’m more likely to break a mouse with 18 holes in it than one with none. Large openings can also attract dust and debris, but bigger holes should make the mouse easier to clean with, for example, an air blower than a honeycomb mouse topped with more, smaller openings.

Razer graciously gives the mouse a three-year warranty, which is one year longer than it usually gives mice. We’ll be keen to check out reviews and long-term experiences with the Viper Mini SE to see how it fares, especially among power users, like gamers, who tend to use their mice aggressively.

From a glass-half-full perspective, the cavernous mouse could have the benefit of helping the hand on top of it stay cool. With less contact between the user’s hand and the electronics, plus more air flow, users may find their hands clamming up less easily during long hours of intense use. Razer didn’t go so far as to install a cooling fan in the mouse like Marsback’s Zephyr, though.

Big holes help make the Viper Mini SE Razer’s lightest mouse. It’s 1.73 ounces, which is about 30 percent lighter than the Viper Mini (2.15 ounces) with the same form factor and nearly identical dimensions. It’s still not the lightest mouse around, however. For example, Cooler Master’s MM720 is also 0.11 pounds, and Finalmouse has sold mice weighing as little as 1.48 ounces.

With the weight savings gained, it would have been nice if Razer added buttons to the mouse’s right side so it could be truly ambidextrous, like the Razer Viper Ultimate.

Razer’s mouse uses a 2.4 GHz USB-A dongle.

Razer used magnesium alloy for the mouse because it had the preferred “strength-to-weight ratio.” Plastic, it said, was less sturdy with drilled holes and had minimal weight reduction comparatively. And titanium, while lightweight, stronger, and sturdier, had fabrication limitations. Finally, fabrication limits, plus a heavier weight than plastic, precluded Razer from making the Viper Mini SE with carbon fiber.

According to Razer’s press release, the mouse is made “with an injection-molded exoskeleton that is then CNC machined and polished. The exoskeleton shell then undergoes passivation to reduce any susceptibility to corrosion, after which it is painted and assembled. At each step, each unit is meticulously inspected…”

The Razer Viper Mini SE targets gamers seeking a mouse that’s as easy as possible to flick around their desk. But a featherweight mouse with a high dots-per-inch (DPI) spec (up to 30,000 DPI in the Viper Mini SE’s case) can also appeal to users of increasingly high-resolution monitors and multi-screen setups, or those who find their arm or hand getting tired while mousing.

If you’re looking for a lot of chassis for your buck, this isn’t it. The wireless peripheral will cost a whopping $280 when it debuts February 11.
