SPLICE

Our focus is to understand what an adversary can learn about smart-home users through their IoT devices. We identify and classify IoT attacks into categories based on an adversary’s level of proximity: physical, nearby, and remote. In our categorization, we also include the adversary’s skills and motivation, the target of an attack, and the available data. Thus, we can deduce the user information that an adversary can access at varying proximity levels, skills, targets, and device data.

We find that personal information such as the users, their names, gender, profession, education, accommodation type, music taste, location, relationship between users, age, health, lifestyle, and political views could all be either directly retrieved or inferred.

To read more about our methods and findings, check out the publication!

Almogbil, Atheer, Momo Steele, Sofia Belikovetsky, Adil Inam, Olivia Wu, Aviel Rubin, and Adam Bates. “Using Behavior Monitoring to Identify Privacy Concerns in Smarthome Environments.” In NDSS Symposium. San Diego, California, 2024. https://www.ndss-symposium.org/ndss-paper/auto-draft-498/.