Stephan van Rooij, Software Architect at Smartersoft BV (Netherlands) and Microsoft MVP for Security, owns two AEG smart home appliances: the AEG combination microwave (KMK768080B) and the AEG oven (BSK798280B).
as you pointed on his blog This week, you didn’t buy these devices because of their connectivity: the fact that they had Wi-Fi was only discovered after they were purchased.
Internet-connected devices, explained van Rooij, they usually check that internet connectivity is working properly before doing anything else. Companies like Apple, Google and Microsoft have websites dedicated to receiving network availability checks.
However, some ISPs that want to verify Internet connectivity try to connect to popular public websites, assuming they will always be available. According to van Rooij, that’s what AEG, owned by Electrolux, did.
“AEG took the easy way out and checks three public websites every five minutes when connected to Wi-Fi“, he explains, remembering that your smart ovens ping google.com, baidu.cn and yandex.ru.
Google.com is widely known. Baidu.cn is a popular search engine in China and Yandex.ru is a popular search engine in Russia.
“I really don’t like my oven connecting to China and Russia just to check if it has an internet connection”says van Rooij. “If that’s all you do.”
This type of network activity, contacting servers in other countries, is common among smart home appliances. Given the abundance of IoT security vulnerabilities and unnecessary issuance of IP address data to search companies in China and Russia, concern may be justified.