Initially available for MacOS, the open source Princeton IoT Inspector works on both HomeKit and non-HomeKit devices and is designed to help users identify potential security and privacy issues with the IoT devices on their home networks. With it, users can see the following:
- A list of all the IoT devices on their home network
- When they exchange data with an external server
- Which servers they contact
- Whether those connections are secure
Devices are identified by whatever name they give the network, but can be renamed by users. Anonymized data is shared (only after user consent) with Princeton so that the university can run analysis.
The university cautions that it is using techniques normally used by hackers - specifically ARP spoofing . So, it says, users should only install the tool if they trust Princeton or have inspected the code (which is available on Github ).
The tool requires minimal technical skills and no special hardware. To use the Princeton IoT Inspector, users need to install a Mac app which then opens a web page. The tool requires Chrome or Firefox, and doesn't run in Safari.
Windows and Linux users can join the IoT Inspector Waitlist to be notified when those versions become available.