The Rise of Personal Data Exfiltration

Dr Julius Neubronner patented a miniature pigeon camera activated by a timing mechanism, 1903You may have heard that LG is collecting usage data, as well as more information, from its SmartTVs, even if you opt-out. They promise to issue a firmware update to fix it, but most consumers will never apply it as it requires a manual configuration to update and a wired Ethernet connection. In other words, LG will continue to collect this data. There are more details here and here. Clearly, the news story here is that they failed to honor the opt-out configuration, but that’s really not what we should be focused on. This is really about data exfiltration. Consider the other devices you have in your house, like that Xbox or Wii, or that blu-ray player that streams Netflix, or any of the myriad other Internet connected devices occupying an IP address on your network. They can all collect usage information and send it off to the manufacturer. Do you know if you opted in for that kind of data collection? I bet most of you don’t, and outside the security community, I’m sure most people don’t.

The fact is that we’re sending data about ourselves to companies all the time, and we have little control over it. We do this, for the most part, willingly because there seems to be very little consequence. What if you could see what data you’re sharing? I suspect that would make a difference. There’s room for a nice, open-source project here, that collects and catalogues the data exiting a home network, then presents it in a data exfiltration oriented way. Consider things like top outgoing URLs, percentage of encrypted traffic, grouping by source devices. This kind of information is certainly available, if only someone would collect and organize it. It would be an interesting offering for an enterprising, consumer-focused ISP to offer too.

*** This is a Security Bloggers Network syndicated blog from firstinitiallastname authored by Tim Erlin. Read the original post at: