Abstract
Smart Home Devices (SHDs) offer convenience that comes at the cost of security and privacy. SHDs can be subject to attacks, and they can be used to conduct attacks on businesses or governments providing services to individuals. In this paper, we report vulnerabilities that have been published in research papers in the IEEE Xplore digital library and the ACM digital library. We followed a systematic approach to search for vulnerabilities in the literature, analyzed them, and placed them in common categories. The study resulted in 153 vulnerabilities. The categories are based on the place of occurrence or component of the smart home architecture, such as device, protocol, gateway, network, and software architecture. We also identified areas of research and development that have been underexplored in the past and need further effort. Researchers, developers, and users will benefit from this comprehensive analysis and systematic categorization of smart home vulnerabilities.
Acknowledgment
This research was funded in part by 4-VA, a collaborative partnership for advancing the Commonwealth of Virginia.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Chhetri, C., Motti, V. (2021). Identifying Vulnerabilities in Security and Privacy of Smart Home Devices. In: Choo, KK.R., Morris, T., Peterson, G.L., Imsand, E. (eds) National Cyber Summit (NCS) Research Track 2020. NCS 2020. Advances in Intelligent Systems and Computing, vol 1271. Springer, Cham. https://doi.org/10.1007/978-3-030-58703-1_13
DOI: https://doi.org/10.1007/978-3-030-58703-1_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58702-4
Online ISBN: 978-3-030-58703-1
eBook Packages: Intelligent Technologies and Robotics (R0)