Identifying Vulnerabilities in Security and Privacy of Smart Home Devices

  • Conference paper
National Cyber Summit (NCS) Research Track 2020 (NCS 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1271)

Abstract

Smart Home Devices (SHDs) offer convenience that comes at the cost of security and privacy. SHDs can be subject to attacks and they can be used to conduct attacks on businesses or governments providing services to individuals. In this paper, we report vulnerabilities that have been published in research papers in IEEE Xplore digital library and ACM digital library. We followed a systematic approach to search for vulnerabilities in the literature, analyzed them and placed them in common categories. The study resulted in 153 vulnerabilities. The categories are based on the place of occurrence or component of smart home architecture, such as device, protocol, gateway, network, and software architecture. We also identified areas of research and development that have been underexplored in the past and need further efforts. Researchers, developers and users will benefit from this comprehensive analysis and systematic categorization of smart home vulnerabilities.

Notes

  1. ieeexplore.ieee.org.

  2. dl.acm.org.

  3. kali.org.

  4. https://www.openhab.org/.

Acknowledgment

This research was funded in part by 4-VA, a collaborative partnership for advancing the Commonwealth of Virginia.

Author information

Correspondence to Chola Chhetri.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Chhetri, C., Motti, V. (2021). Identifying Vulnerabilities in Security and Privacy of Smart Home Devices. In: Choo, KK.R., Morris, T., Peterson, G.L., Imsand, E. (eds) National Cyber Summit (NCS) Research Track 2020. NCS 2020. Advances in Intelligent Systems and Computing, vol 1271. Springer, Cham. https://doi.org/10.1007/978-3-030-58703-1_13
