Is our data secure?

data
security

#1

Looking at the little orange Sense device, I’m assuming it is not storing all the data it gathers locally. That means some server in the cloud has data about my use of electricity. Could the FBI get a warrant to search Sense’s data from my house and find out the times my garage door opened and closed? Or search my device list names for “Pot Greenhouse heater”?

Please don’t get the wrong idea, I’m not afraid of the FBI! I’m just posing a hypothetical question to discuss.


#2

I would say yes, your data is secure. But if the FBI issues a warrant, does it matter at this point? They have to release it…As a startup, I don’t see them having many resources to put up a legal fight. One could argu, the FBI could also get a warrant for the power company, because guess what, they can see how much you use too.


#3

I have had some concerns about Sense as well as many other current and future internet connected devices. While Sense doesn’t directly control anything, and thus, you can’t say turn on heat to 90 degrees, you can via IFTTT.

I’d love to know what the details are of the interface in order to tighten this and other devices and protect my network. E.g.,

  • Does it use a VNC connection to secure the data?
  • What are the network ports used and protocols (as in TCP, UDP, Both, Other) and what to forward in our routers.

However the easy method might be to use a guest wi-fi setting on your router so that it doesn’t have access to your main network.

The better way might be to create a VLAN (Virtual LAN) so that it is isolated from the rest of the network. I’m am starting to figure out the best (and easiest methods) to create a VLAN to enhance security for my internet devices, but I have to find time to consider the best way to configure it.


#4

Hey guys! At Sense we take security very seriously and we do everything we can to ensure your data is secure. All communications between the Sense monitor, the Sense cloud servers, and Sense apps are encrypted with AES 128-bit encryption and TLS/SSL (HTTPS). Sense uses Amazon Web Services (AWS) for cloud servers and online storage. Amazon’s security policies can be found here: http://aws.amazon.com/security/. Our Privacy Policy can be read here: https://sense.com/privacy.html.


#5

Regarding the two more specific questions:

  • No, we don’t.
  • TCP
    https 443
    wss 8482
    DNS 53
    NTP 123

Hope this helps!


#6

[quote=“Maarja-Liis, post:5, topic:335”]
Regarding the two more specific questions:[/quote]

Thank you for the information regarding security and router communications. May I suggest adding it into the FAQ. This is something every web-enabled device should publish, as we are starting to see bot nets utilizing smart devices to do DDoS and other such internet attacks, and using our devices to monitor and control things.

For Sense, as a growing company, you should probably take steps (if you haven’t already) to make the data so the source is anonymous, even to most people in-house, and track any access to data that is not anonymous, similar to HIPAA requirements.

As a company grows, it is difficult to vet the honesty of each and every new employee. As an example, looking at the house power usage data of Sense, it is possible to tell when a house is asleep, or vacant, as well as what devices they may own (e.g. a large screen TV), allowing for a thief to rob a home. Kind of extreme, I know, but it is easier doing this from the ground up before the company gets too large.


#7

We appreciate your feedback and will surely take this under consideration! Some of this information is actually available in our FAQ section already and it can be found here: https://help.sense.com/hc/en-us below the question “How do you keep my data secure?”.


closed #8