Skip to main content

Princeton IoT Inspector lets you see what your smart home devices are up to

Smart home devices are potentially one of the bigger security threats since there is no easy way to check what they are up to on your network. That’s a problem Princeton University has set out to solve, with the Princeton IoT Inspector.

It works on HomeKit and non-HomeKit devices alike …

The tool is Mac-only for now. Using it, you can see:

  • a list of all the IoT devices on your home network
  • when they exchange data with an external server
  • which servers they contact
  • whether those connections are secure

For example, using it I was able to see that my Philips Hue bridge contacted a few seconds ago, exchanging 6KB of data, and that the communication was not encrypted. Sadly, you can’t see the actual content of the transmissions even if unencrypted.

Gizmodo came up with one very practical use for the tool.

Beyond finding out what your smart home is up to, this would be a useful tool to employ when you rent an Airbnb to make sure there’s not a hidden camera secretly livestreaming your stay. Because that’s the world we now live in.

Devices are identified by whatever name they give your network, but you can rename them yourself. Anonymized data is then shared with Princeton so that the university can run analysis (you’ll be asked to consent to this the first time you use the app).

One cautionary note here: Princeton advises that your device names are included in the data sent, so if you use your full name for any of them (eg. Ben Lovejoy’s robocleaner), then that data will be accessible by the university.

The university also cautions that it is using techniques normally used by the bad guys, specifically ARP spoofing. This can do all sorts of dangerous things, so it is definitely a tool you should install only if you trust Princeton or have inspected the code (which is available on Github).

To use the Princeton IoT Inspector, you need to install a Mac app which then opens a webpage. You need to use Chrome or Firefox; it doesn’t run in Safari.

You can download the Princeton IoT Inspector from here.

Because the app isn’t signed by the Mac App Store, it will be blocked by default. When you get the security message, open System Preferences > Security > General and check the box to allow it to open. If Safari is your default browser, then just copy and paste the URL that opens into Chrome or Firefox.

Note: I’ve redacted unique device identifiers from the screengrab above

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:



Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear