In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes
Date
2024-02-27
Abstract
The network communication between Internet of Things (IoT) devices on the same local network has significant implications
for platform and device interoperability, security, privacy, and correctness. Yet, the analysis of local home Wi-Fi network traffic
and its associated security and privacy threats have been largely ignored by prior literature, which typically focuses on studying
the communication between IoT devices and cloud end-points, or detecting vulnerable IoT devices exposed to the Internet. In this
paper, we present a comprehensive and empirical measurement study to shed light on the local communication within a smart
home deployment and its threats. We use a unique combination of passive network traffic captures, protocol honeypots, dynamic
mobile app analysis, and crowdsourced IoT data from participants to identify and analyze a wide range of device activities on
the local network. We then analyze these datasets to characterize local network protocols and the security and privacy threats associated
with them. Our analysis reveals vulnerable devices, insecure use of network protocols, and sensitive data exposure by IoT devices.
We provide evidence of how this information is exfiltrated to remote servers by mobile apps and third-party SDKs, potentially for
household fingerprinting, surveillance and cross-device tracking. We make our datasets and analysis publicly available to support
further research in this area.