dc.description.abstract | The network communication between Internet of Things (IoT) devices on the
same local network has significant implications for platform
and device interoperability, security, privacy, and
correctness. Yet, the analysis of local home Wi-Fi network traffic and
its associated security and privacy threats have been largely ignored
by prior literature, which typically focuses on studying the communication
between IoT devices and cloud end-points, or detecting vulnerable IoT devices
exposed to the Internet. In this paper, we present a comprehensive and empirical
measurement study to shed light on the local communication within a smart
home deployment and its threats. We use a unique combination of
passive network traffic captures, protocol honeypots, dynamic mobile app analysis,
and crowdsourced IoT data from participants to identify and analyze a
wide range of device activities on the
local network. We then analyze these datasets to characterize local
network protocols, security and privacy threats associated with them.
Our analysis reveals vulnerable devices, insecure use of network protocols,
and sensitive data exposure by IoT devices.
We provide evidence of how this information is
exfiltrated to remote servers by mobile apps and third-party SDKs,
potentially for household fingerprinting, surveillance and cross-device tracking.
We make our datasets and analysis
publicly available to support further research in this area. | es |