A detection system for the sources of information leaks on networked smart devices

An amazing amount of new technology has been introduced into our homes in the 21 st century. Included in this technology, are widely-used smart devices such as smart phones, smart TVs, etc. These smart devices are known for gathering data, which raises concerns about privacy and the risk of information leakage. The purpose of this paper is to bring to light the dangerous practices used by software in these devices. These practices can cause leakage of sensitive data. We decided to deviate from the approach used by anti-viruses. As connectivity is the main feature of smart devices, we decided to design a detection system that solely investigates their network traffic, in search of vulnerabilities that could indicate the presence of leaks. More than just passive search, the system also performs, when possible, a Man in the Middle attack in order to decrypt and analyse the information transiting through the encrypted traffic. We concentrated our experiments on smart phones and smart TVs because these devices are the most commonly used nowadays. Our experimental results demonstrate that many widely-used applications designed for these smart devices present several sources of leakage. We were also able to isolate some actual information leaks. The system described in this paper can be used by users to assess the risks of using a smart device or any of its applications. It can also be used by companies that buy or create new devices or software for smart devices, as a means of auditing the network traffic of their product in order to verify its quality in term of privacy and risk of leakage.