Paper accepted at S&P ’23.

Protected or Porous

A Comparative Analysis of Threat Detection Capability of IoT Safeguards

Anna Maria Mandalari (University College London), Hamed Haddadi (Imperial College London), Daniel J. Dubois (Northeastern University), David Choffnes (Northeastern University)

Last updated: 04/14/2023

This is a mirror page for this paper. The original page is available here.

ABSTRACT

Consumer Internet of Things (IoT) devices are increasingly common in everyday homes, from smart speakers to security cameras. Along with their benefits come potential privacy and security threats. To limit these threats a number of commercial services have become available (IoT safeguards). The safeguards claim to provide protection against IoT privacy risks and security threats. However, the effectiveness and the associated privacy risks of these safeguards remains a key open question. In this paper, we investigate the threat detection capability of IoT safeguards for the first time. We develop and release a methodology that relies on automated safeguards experimentation to reveal their response to common security threats and privacy risks. We perform thousands of automated experiments using popular commercial IoT safeguards when deployed in a large IoT testbed. Our results indicate that not only these devices may be ineffective in preventing risks, but also their cloud interactions and data collection operations may introduce privacy risks for the households that adopt them.

ABOUT THIS PUBLICATION

Paper titleProtected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards.

Authors
: Anna Maria Mandalari (University College London), Hamed Haddadi (Imperial College London), Daniel J. Dubois (Northeastern University), David Choffnes (Northeastern University)

Full Text (PDF)
pre-print available.
Softwareavailable on Github.
Dataavailable on OneDrive.
Presentation: will be added after the symposium.

Citation:

@inproceedings{mandalari-sp23,
title={{Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards}},
author={Mandalari, Anna Maria and Haddadi, Hamed and Dubois, Daniel J. and Choffnes, David},
booktitle={Proc. of the 44th IEEE Symposium on Security and Privacy (Oakland 2023)},
year={2023}
}

ACKNOWLEDGMENTS

  • This research was partially supported by:
    • EPSRC Open Plus Fellowship (EP/W005271/1)
    • EPSRC PETRAS National Centre of Excellence for IoT Systems Cybersecurity (EP/S035362/1)
    • UKRI’s Strategic Priorities Fund under the SDTaP programme’s commercialization stream (10049005)
    • NSF (ProperData SaTC-1955227)