In the depths of night on Aug. 5, 1914, the British cable ship Alert took the first significant action of World War I, severing the five German submarine cables that ran through the English Channel. This operation was a major blow, forcing Germany to use radio for international communications for the duration of the war.
Together with the increasing use of the newfangled radio for communications between military commanders and their operational units in the field, the British and French could listen in to much of the enemy’s communications.
Shortly after C.S. Alert’s actions in the Channel, the British army set up Room 40 at the admiralty to process the gold mine of information produced by eavesdropping on the enemy’s communications. Much of the information was encrypted, but listeners in Room 40 aimed to crack the codes.
To help, they often used associated traffic analysis to gather the information they needed. This involves looking at other elements of a communication when you don’t know the actual content. You can deduce a lot of information by looking at the time and duration of a message and the location of transmitters. Trained listeners could even detect specific operators by their “fist”—subtle variations in the pattern of the Morse code, like the relative duration of the dots, dashes, and gaps for different letters. Identify the operator and you could identify a specific ship or military unit, locate it with direction finding, and then track its activity over time.
In the modern world it’s the average consumer being listened to. As the Internet of Things grows, we are installing wireless systems in our homes to control lighting, heating, windows, doors, and energy use. We shouldn’t be surprised that the same traffic analysis techniques applied in 1914 can be applied to all these home automation systems, as has been reported by researchers at a conference in Oxford.
The team from Saarland University in Germany acted as malicious attackers and found they were able to build profiles of participants in their study through their home devices, even though they were encrypted. They were able to predict when participants would be away from home by looking at usage patterns in heating and ventilation, for example.
In fact, recent research on radiometric signatures shows that individual devices can be identified just by looking at the subtle differences between the radio signals they emit as a result of variations in the manufacturing process. It’s the modern equivalent of identifying the “fist” of a Morse operator.
One way to avoid your devices giving you away is “masking.” Devices can communicate continually by sending encrypted dummy messages even when they have nothing useful to say. While simple to implement, it is not the greenest or most convenient of solutions. Power is constantly being consumed, which is bad for bills and is a pain for battery-operated devices in particular.
A further solution is to make the radio signal hard to detect. In 1941, famous actress Hedy Lamarr filed U.S. Patent 2,292,387 to protect the invention of “frequency hopping” radio. By jumping from one radio frequency to another rapidly and under the control of a secret key, only a receiver that shares the key can find the transmission. In Lamarr’s patent, this was used to prevent interference with the radio guidance controls of torpedoes.
Derivatives of this original idea are in everyday use today in mobile phone networks and satellite navigation systems such as GPS. In the early 2000s, there was a fad for ultrawideband radio systems, which were proposed as a possible wireless USB standard. Ultrawideband was robust in the face of interference, and it was almost impossible to detect its signal if you didn’t know the key. It was just the thing if you wanted to avoid traffic analysis attacks but not exactly popular among government agencies that might prefer not to allow essentially covert radio communications to be deployed among the population. Ultrawideband has since then almost entirely disappeared from the landscape.
However, before damning home automation, perhaps we might look at other everyday home devices that leak information. Broadband penetration in the United Kingdom has recently been reported as having reached 83 percent of households, according to Eurostat 2014, with the majority of the home routers supplied by Internet service providers offering Wi-Fi. However, anyone can download a software application that runs on standard Windows and Mac personal computers to perform Wi-Fi traffic analysis and identify the computers involved in communications on the Wi-Fi network and see when they are active even if they cannot see the message contents.
And with many modern smartphone apps using push technology to continually synchronize with their servers in the cloud, and the phones in regular communication via your home Wi-Fi network when they are in range, detecting when a smartphone has left the building is a trivial matter. The fact that 83 percent of homes leak information over Wi-Fi seems a bigger matter of concern right now than smart devices snitching on you to the nearest criminal.
All this sort of monitoring requires is for the attacker to be within radio reception distance, and these radio transmissions are designed to only travel tens of meters. So someone would have to either be lurking around in a suspicious manner at the bottom of your garden to record this information or has to plant a snooping device, hope it doesn’t get discovered, and come back to retrieve it later. Or it is your neighbor.
Of greater concern still is the modern trend for cloud-based architecture that transmits all this information into the cloud and stores it unencrypted. A tech-savvy burglar might find it more fruitful to attack the single point in the cloud and obtain not only current data, but the whole history of thousands of households in one go.
But for the truly paranoid—insist on your home automation using wires, change from Wi-Fi to Ethernet, and switch off all that push technology on your smartphone.