In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes

Aniketh Girish, Tianrui Hu, Vijay Prakash, Daniel J. Dubois, Srdjan Matic, Danny Yuxing Huang, Serge Egelman, Joel Reardon, Juan Tapiador, David Choffnes, Narseo Vallina-Rodriguez

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The network communication between Internet of Things (IoT) devices on the same local network has significant implications for platform and device interoperability, security, privacy, and correctness. Yet, the analysis of local home Wi-Fi network traffic and its associated security and privacy threats have been largely ignored by prior literature, which typically focuses on studying the communication between IoT devices and cloud end-points, or detecting vulnerable IoT devices exposed to the Internet. In this paper, we present a comprehensive and empirical measurement study to shed light on the local communication within a smart home deployment and its threats. We use a unique combination of passive network traffic captures, protocol honeypots, dynamic mobile app analysis, and crowdsourced IoT data from participants to identify and analyze a wide range of device activities on the local network. We then analyze these datasets to characterize local network protocols, security and privacy threats associated with them. Our analysis reveals vulnerable devices, insecure use of network protocols, and sensitive data exposure by IoT devices. We provide evidence of how this information is exfiltrated to remote servers by mobile apps and third-party SDKs, potentially for household fingerprinting, surveillance and cross-device tracking. We make our datasets and analysis publicly available to support further research in this area.

Original languageEnglish (US)
Title of host publicationIMC 2023 - Proceedings of the 2023 ACM on Internet Measurement Conference
PublisherAssociation for Computing Machinery
Pages437-456
Number of pages20
ISBN (Electronic)9798400703829
DOIs
StatePublished - Oct 24 2023
Event23rd ACM Internet Measurement Conference, IMC 2023 - Montreal, Canada
Duration: Oct 24 2023Oct 26 2023

Publication series

NameProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
ISSN (Print)2150-3761

Conference

Conference23rd ACM Internet Measurement Conference, IMC 2023
Country/TerritoryCanada
CityMontreal
Period10/24/2310/26/23

Keywords

  • household fingerprinting
  • iot
  • local communication
  • privacy
  • security
  • side channels
  • smart home

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes'. Together they form a unique fingerprint.

Cite this