Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach
Smart Data Seminar with Daniel Dubois, Northeastern University.
The “Data Revolution” is transforming our society in an irreversible way at a pace Internet of Things (IoT) devices are increasingly found in everyday homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells.
Along with their benefits come potential privacy risks, since these devices can communicate information about their users to other parties over the Internet.
However, understanding these risks in depth and at scale is difficult due to heterogeneity in devices’ user interfaces, protocols, and functionality.
In this work, we conduct a multidimensional analysis of information exposure from 81 devices located in labs in the US and UK. Through a total of 34,586 rigorous automated and manual controlled experiments, we characterize information exposure in terms of destinations of Internet traffic, whether the contents of communication are protected by encryption, what are the IoT-device interactions that can be inferred from such content, and whether there are unexpected exposures of private and/or sensitive information (e.g., video surreptitiously transmitted by a recording device).