Princeton University

Spy on your smart home with this open source research tool

Posted by | chromium, Gadgets, Internet of Things, IoT, IoT Inspector, Princeton University, privacy, privacy research, Security, smart devices, smart home devices, traffic analyzer, WireShark | No Comments

Researchers at Princeton University have built a web app that lets you (and them) spy on your smart home devices to see what they’re up to.

The open source tool, called IoT Inspector, is available for download here. (Currently it’s Mac OS only, with a wait list for Windows or Linux.)

In a blog about the effort the researchers write that their aim is to offer a simple tool for consumers to analyze the network traffic of their Internet connected gizmos. The basic idea is to help people see whether devices such as smart speakers or wi-fi enabled robot vacuum cleaners are sharing their data with third parties. (Or indeed how much snitching their gadgets are doing.)

Testing the IoT Inspector tool in their lab the researchers say they found a Chromecast device constantly contacting Google’s servers even when not in active use.

A Geeni smart bulb was also found to be constantly communicating with the cloud — sending/receiving traffic via a URL (tuyaus.com) that’s operated by a China-based company with a platform which controls IoT devices.

There are other ways to track devices like this — such as setting up a wireless hotspot to sniff IoT traffic using a packet analyzer like WireShark. But the level of technical expertise required makes them difficult for plenty of consumers.

Whereas the researchers say their web app doesn’t require any special hardware or complicated set-up so it sounds easier than trying to go packet sniffing your devices yourself. (Gizmodo, which got an early look at the tool, describes it as “incredibly easy to install and use”.)

One wrinkle: The web app doesn’t work with Safari; requiring either Firefox or Google Chrome (or a Chromium-based browser) to work.

The main caveat is that the team at Princeton do want to use the gathered data to feed IoT research — so users of the tool will be contributing to efforts to study smart home devices.

The title of their research project is Identifying Privacy, Security, and Performance Risks of Consumer IoT Devices. The listed principle investigators are professor Nick Feamster and postdoctoral researcher Danny Yuxing Huang at the university’s Computer Science department.

The Princeton team says it intends to study privacy and security risks and network performance risks of IoT devices. But they also note they may share the full dataset with other non-Princeton researchers after a standard research ethics approval process. So users of IoT Inspector will be participating in at least one research project. (Though the tool also lets you delete any collected data — per device or per account.)

“With IoT Inspector, we are the first in the research community to produce an open-source, anonymized dataset of actual IoT network traffic, where the identity of each device is labelled,” the researchers write. “We hope to invite any academic researchers to collaborate with us — e.g., to analyze the data or to improve the data collection — and advance our knowledge on IoT security, privacy, and other related fields (e.g., network performance).”

They have produced an extensive FAQ which anyone thinking about running the tool should definitely read before getting involved with a piece of software that’s explicitly designed to spy on your network traffic. (tl;dr, they’re using ARP-spoofing to intercept traffic data — a technique they warn may slow your network, in addition to the risk of their software being buggy.)

The dataset that’s being harvesting by the traffic analyzer tool is anonymized and the researchers specify they’re not gathering any public-facing IP addresses or locations. But there are still some privacy risks — such as if you have smart home devices you’ve named using your real name. So, again, do read the FAQ carefully if you want to participate.

For each IoT device on a network the tool collects multiple data-points and sends them back to servers at Princeton University — including DNS requests and responses; destination IP addresses and ports; hashed MAC addresses; aggregated traffic statistics; TLS client handshakes; and device manufacturers.

The tool has been designed not to track computers, tablets and smartphones by default, given the study focus on smart home gizmos. Users can also manually exclude individual smart devices from being tracked if they’re able to power them down during set up or by specifying their MAC address.

Up to 50 smart devices can be tracked on the network where IoT Inspector is running. Anyone with more than 50 devices is asked to contact the researchers to ask for an increase to that limit.

The project team has produced a video showing how to install the app on Mac:

Powered by WPeMatico

Tencent leads $50M investment in NewsDog, an app vying to be India’s Toutiao

Posted by | alibaba, alibaba group, Android, App Annie, Apps, artificial intelligence, Asia, Baidu, Fundings & Exits, Goldman Sachs, india, legend capital, Media, Paytm, practo, Princeton University, TC, Tencent, Times Internet, Toutiao, Tsinghua University | No Comments

The growth of China’s Bytedance, an ambitious $30 billion tech firm, and its highly addictive Toutiao news aggregator app has set off a search for services with similar growth potential across the world.

India, second in population only to China with rapidly growing internet access, is an obvious place to look, and would-be pretender to the Toutiao crown has been found in the shape of NewsDog, a Chinese company that stumbled on success in India. Today, NewsDog announced a $50 million Series C round led by Chinese internet giant Tencent.

Toutiao is a phenomenon in China. The app has around 200 million daily users, and it is one of the few new tech products to emerge in a China where Tencent and Alibaba dominate the consumer app landscape. Point in case, it is so mainstream now that it has even run into issues with China’s internet censors. Toutiao is essentially a news aggregation service that lets consumers catch their daily reads and discover stories with an experience tailored to their habits and likes.

That’s very much the style of NewsDog, which claims over 50 million users. The service has branched out to cover 10 of Indians many languages, while it recently established a platform — ‘WeMedia’ — that augments its content aggregation by allowing users to submit stories, too.

This round is a major milestone for the company. In a competitive environment, it is the largest fundraising round from a news app company in India while it more obviously brings Tencent, the $500 billion tech giant, on board with its experience and support. Other investors include Chinese VCs Danhua Capital (DHVC) and Legend Capital as well as Chinese mobile app firm DotC United.

NewsDog’s competition includes Dailyhunt — which is backed by Toutiao-owner Bytedance — Inshorts, which counts Tiger Global among its investors, and NewsPoint, which is owned by media firm Times Internet.

One other competition is UC News, a service from Alibaba-owned UC Web, which, like NewsDog, is Chinese.

NewsDog was launched in 2016 by CEO Forrest Chen Yukun, a computer science graduate from Tsinghua University graduate, and Yi Ma, who holds a PhD from Princeton University and previously worked at Baidu and Goldman Sachs .

Data from App Annie shows that NewsDog is the top news app in the Google Play Store in India — Android is the country’s dominant operating system — ahead of Dailyhunt and NewsPoint in second and third, respectively. According to Sensor Tower, another app download analytics service, the app has 43 million installs and its downloads grew 76 percent year-on-year in the first quarter of the year.

NewsDog plans to use this new funding to pull further ahead of the competition by focusing on adding more languages and deepening its content library.

The company said it is already using machine learning to help produce an experience that is customized to users — the experience that Toutiao pioneered in China — and it plans to double down on that.

“Poly culture and multiple languages make content matching an incredibly hard problem,” Chen said in a statement. “So far, we have made good initial progress but content business is like an endless journey. There is no finish line, you have to just keep running.”

NewsDog is aiming to reach 100 million users as its next milestone as India’s internet population surges. The country is tipped to reach 500 million internet users by June 2018, according to a report from the Internet and Mobile Association of India (IAMAI) and Kantar IMRB. That’s up from 481 million six months prior, but internet penetration in rural areas is at just 20 percent compared with 65 percent in urban India which indicates even more growth potential.

For Tencent, meanwhile, this investment is another upping of its pace in India.

Initially, the company was slow to put money to work in India, where Alibaba entered early to buy stakes in the likes of Paytm, but gradually Tencent has got its checkbook out. Its most notable India-based deals include WhatsApp challenger Hike, healthcare platform Practo, and music service Gaana. This year, it is reportedly focusing on finding promising early-stage startups where it can invest $5-15 million.

In NewsDog, Tencent will hope to jump on the news aggregator train that it missed in China, giving Bytedance an opportunity to become a major Chinese consumer brand.

Powered by WPeMatico