TY - GEN
T1 - In the Room Where It Happens
T2 - 23rd ACM Internet Measurement Conference, IMC 2023
AU - Girish, Aniketh
AU - Hu, Tianrui
AU - Prakash, Vijay
AU - Dubois, Daniel J.
AU - Matic, Srdjan
AU - Huang, Danny Yuxing
AU - Egelman, Serge
AU - Reardon, Joel
AU - Tapiador, Juan
AU - Choffnes, David
AU - Vallina-Rodriguez, Narseo
N1 - Publisher Copyright:
© 2023 Owner/Author.
PY - 2023/10/24
Y1 - 2023/10/24
N2 - The network communication between Internet of Things (IoT) devices on the same local network has significant implications for platform and device interoperability, security, privacy, and correctness. Yet, the analysis of local home Wi-Fi network traffic and its associated security and privacy threats have been largely ignored by prior literature, which typically focuses on studying the communication between IoT devices and cloud end-points, or detecting vulnerable IoT devices exposed to the Internet. In this paper, we present a comprehensive and empirical measurement study to shed light on the local communication within a smart home deployment and its threats. We use a unique combination of passive network traffic captures, protocol honeypots, dynamic mobile app analysis, and crowdsourced IoT data from participants to identify and analyze a wide range of device activities on the local network. We then analyze these datasets to characterize local network protocols, security and privacy threats associated with them. Our analysis reveals vulnerable devices, insecure use of network protocols, and sensitive data exposure by IoT devices. We provide evidence of how this information is exfiltrated to remote servers by mobile apps and third-party SDKs, potentially for household fingerprinting, surveillance and cross-device tracking. We make our datasets and analysis publicly available to support further research in this area.
AB - The network communication between Internet of Things (IoT) devices on the same local network has significant implications for platform and device interoperability, security, privacy, and correctness. Yet, the analysis of local home Wi-Fi network traffic and its associated security and privacy threats have been largely ignored by prior literature, which typically focuses on studying the communication between IoT devices and cloud end-points, or detecting vulnerable IoT devices exposed to the Internet. In this paper, we present a comprehensive and empirical measurement study to shed light on the local communication within a smart home deployment and its threats. We use a unique combination of passive network traffic captures, protocol honeypots, dynamic mobile app analysis, and crowdsourced IoT data from participants to identify and analyze a wide range of device activities on the local network. We then analyze these datasets to characterize local network protocols, security and privacy threats associated with them. Our analysis reveals vulnerable devices, insecure use of network protocols, and sensitive data exposure by IoT devices. We provide evidence of how this information is exfiltrated to remote servers by mobile apps and third-party SDKs, potentially for household fingerprinting, surveillance and cross-device tracking. We make our datasets and analysis publicly available to support further research in this area.
KW - household fingerprinting
KW - iot
KW - local communication
KW - privacy
KW - security
KW - side channels
KW - smart home
UR - http://www.scopus.com/inward/record.url?scp=85177544871&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85177544871&partnerID=8YFLogxK
U2 - 10.1145/3618257.3624830
DO - 10.1145/3618257.3624830
M3 - Conference contribution
AN - SCOPUS:85177544871
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 437
EP - 456
BT - IMC 2023 - Proceedings of the 2023 ACM on Internet Measurement Conference
PB - Association for Computing Machinery
Y2 - 24 October 2023 through 26 October 2023
ER -