In the depths of night on August 5th 1914 the British Cable Ship Alert took the first significant action of World War I, severing the five German submarine cables that ran through the English Channel. This operation was a major blow, forcing Germany to use radio for international communications for the duration of the war.
Together with the increasing use of the new-fangled radio for communications between military commanders and their operational units in the field the British and French could listen in to much of the enemy’s communications.
Shortly after CS Alert’s actions in the Channel, The British army set up Room 40 at the admiralty to process the goldmine of information produced by eavesdropping on the enemy’s communications. Much of the information was encrypted but listeners in Room 40 aimed to crack the codes.
To help, they often used associated traffic-analysis to gather the information they needed. This involves looking at other elements of a communication when you don’t know the actual content. You can deduce a lot of information by looking at the time and duration of a message and the location of transmitters. Trained listeners could even detect specific operators by their “fist” – subtle variations in the pattern of the Morse code, like the relative duration of the dots, dashes and gaps for different letters. Identify the operator and you could identify a specific ship or military unit, locate it with direction finding, and then track their activity over time.
In the modern world it’s the average consumer being listened to. As the internet of things grows, we are installing wireless systems in our homes to control lighting, heating, windows, doors and energy use. We shouldn’t be surprised that the same traffic-analysis techniques applied in 1914 can be applied to all these home automation systems, as has been reported by researchers at a conference in Oxford.
The team from Saarland University in Germany acted as malicious attackers and found they were able to build profiles of participants in their study through their home devices, even though they were encrypted. They were able to predict when participants would be away from home by looking at usage patterns in heating and ventilation, for example.
In fact recent research on radiometric signatures shows that individual devices can be identified just by looking at the subtle differences between the radio signals they emit as a result of variations in the manufacturing process. It’s the modern equivalent of identifying the “fist” of a Morse operator.
Your best defence
One way to avoid your devices giving you away is “masking”. Devices can communicate continually by sending encrypted dummy messages even when they have nothing useful to say. While simple to implement, it is not the greenest or most convenient of solutions. Power is constantly being consumed, which is bad for bills and is a pain for battery-operated devices in particular.
A further solution is to make the radio signal hard to detect. In 1941, famous actress Heddy Lamarr filed US Patent 2,292,387 to protect the invention of “frequency hopping” radio. By jumping from one radio frequency to another rapidly and under the control of a secret key, only a receiver that shares the key can find the transmission. In Heddy’s patent, this was used to prevent interference with the radio guidance controls of torpedoes.
Derivatives of this original idea are in everyday use today in mobile phone networks and satellite navigation systems such as GPS. In the early 2000s, there was a fad for ultrawideband radio systems, which were proposed as a possible wireless USB standard. Ultrawideband was robust in the face of interference and it was almost impossible to detect its signal if you didn’t know the key. It was just the thing if you wanted to avoid traffic-analysis attacks but not exactly popular among government agencies who might prefer not to allow essentially covert radio communications to be deployed among the population. Ultrawideband has since then almost entirely disappeared from the landscape.
However, before damning home automation, perhaps we might look at other everyday home devices that leak information. Broadband penetration in the UK has recently been reported as having reached 83% of households (Eurostat 2014) with the majority of the home routers supplied by internet service providers offering wifi. However, anyone can download a software application that runs on standard Windows and Mac personal computers to perform wifi traffic-analysis and identify the computers involved in communications on the wifi network and see when they are active even if they cannot see the message contents.
And with many modern smart phone apps using push technology to continually synchronise with their servers in the cloud the phones are in regular communication via your home wifi network when they are in range, detecting when a smartphone has left the building is a trivial matter.
The fact that 83% of homes leak information over wifi seems a bigger matter of concern right now than smart devices snitching on you to the nearest criminal.
All this sort of monitoring requires is for the attacker to be within radio reception distance, and these radio transmissions are designed to only travel tens of metres. So someone would have to either be lurking around in a suspicious manner at the bottom of your garden to record this information; or has to plant a snooping device, hope it doesn’t get discovered, and come back to retrieve it later. Or, it is your neighbour.
Of greater concern still is the modern trend for cloud-based architecture that transmits all this information into the cloud and stores it unencrypted. A tech-savvy burglar might find it more fruitful to attack the single point in the cloud and obtain not only current data, but the whole history of thousands of households in one go.
But for the the truly paranoid – insist on your home automation using wires, change from wifi to Ethernet and switch off all that push technology on your smartphone.