IoT Information Exposure (IMC ’19)

Paper accepted at IMC ’19.

Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach.

Jingjing Ren, Daniel J. Dubois, David Choffnes (Northeastern University); Anna Maria Mandalari, Roman Kolcun, Hamed Haddadi (Imperial College London) Internet of Things (IoT) devices are increasingly found in everyday homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells. Along with their benefits come potential privacy risks, since these devices can communicate information about their users to other parties over the Internet. However, understanding these risks in depth and at scale is difficult due to heterogeneity in devices’ user interfaces, protocols, and functionality. In this work, we conduct a multidimensional analysis of information exposure from 81 devices located in labs in the US and UK. Through a total of 34,586 rigorous automated and manual con- trolled experiments, we characterize information exposure in terms of destinations of Internet traffic, whether the contents of communication are protected by encryption, what are the IoT-device interactions that can be inferred from such content, and whether there are unexpected exposures of private and/or sensitive information (e.g., video surreptitiously transmitted by a recording device). We highlight regional differences between these results, potentially due to different privacy regulations in the US and UK. Last, we compare our controlled experiments with data gathered from an in situ user study comprising 36 participants.

lab

About this publication

  • Title: Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach
  • Authors: Jingjing Ren, Daniel J. Dubois, David Choffnes (Northeastern University); Anna Maria Mandalari, Roman Kolcun, Hamed Haddadi (Imperial College London)
  • Venue: Internet Measurement Conference (IMC) 2019
  • Download Full Text (PDF)
  • Download Presentation (will be published here on October 22, 2019)
  • Citation:
    @inproceedings{ren-imc19,
    title={{Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach}},
    author={Ren, Jingjing and Dubois, Daniel J. and Choffnes, David and Mandalari, Anna Maria and Kolcun, Roman and Haddadi, Hamed},
    booktitle={Proc. of the Internet Measurement Conference (IMC)},
    year={2019}
    }
Tools and dataset To develop our work, we used the Mon(IoT)r Testbed, which is software design to facilitate, organize, and automate the capture of network traffic for IoT devices deployed on a local network. For more information on our testbed and to deploy it yourself for your own IoT experiments, you can visit the dedicated page on this website.
For the purpose of this paper, all the software (including automation and analysis scripts), as well as all anonymized dataset without payload, are available on our public Github repository: https://github.com/NEU-SNS/intl-iot.

If you need access to the full dataset (i.e., with payload of all the packets), please contact the Mon(IoT)r research group at [email protected].

Similar Articles:

Opinion | Google’s 4,000-Word Privacy Policy Is a Secret History of the Internet

Opinion | Google’s 4,000-Word Privacy Policy Is a Secret History of the Internet

Quest Diagnostics Says Up to 12 Million Patients May Have Had Financial, Medical, Personal Information Breached

Quest Diagnostics Says Up to 12 Million Patients May Have Had Financial, Medical, Personal Information Breached

“5 Surprisingly Easy Ways We Let People Steal Our Identity.” (From our Forums.)

“5 Surprisingly Easy Ways We Let People Steal Our Identity.” (From our Forums.)

Privacy Policy

Privacy Policy