research-article

Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices

Authors:

Hui Liu,

Dawu GuAuthors Info & Claims

IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy

Pages 13 - 18

https://doi.org/10.1145/3139937.3139948

Published: 03 November 2017 Publication History

Get Access

Abstract

The concept of Smart Home drives the upgrade of home devices from traditional mode to an Internet-connected version. Instead of developing the smart devices from scratch, manufacturers often utilize existing smart home solutions released by large IT companies (e.g., Amazon, Google) to help build the smart home network. A smart home solution provides components such as software development kit (SDK) and relevant management system to boost the development and deployment of smart home devices. Nonetheless, the participating of third-party SDKs and management systems complicates the workflow of such devices. If not meticulously assessed, the complex workflow often leads to the violation of privacy and security to both the consumer and the manufacturer. In this paper, we illustrate how the security and privacy of smart home devices are affected by JoyLink, a widely used smart home solution. We demonstrate a concrete analysis combined with network traffic interception, source code audit, and binary code reverse engineering to evince that the design of smart home solution is error-prone. We argue that if the security and privacy issues are not considered, devices using the solution are inevitably vulnerable and thus the privacy and security of smart home are seriously threatened.

References

[1]

2017. JoyLink 2.0. (2017). Retrieved September 16, 2017 from http://devsmart.jd.com/dev/apiDocDir

Google Scholar

[2]

2017. Linux Xtensa. (2017). Retrieved September 16, 2017 from http://www.linux-xtensa.org/

Google Scholar

[3]

2017. Qualcomm QCA4010 SoC. (2017). Retrieved September 16, 2017 from https://www.qualcomm.com/products/qca4010

Google Scholar

[4]

Hossein Fereidooni, Jiska Classen, Tom Spink, Paul Patras, Markus Miettinen, Ahmad-Reza Sadeghi, Matthias Hollick, and Mauro Conti. 2017. Breaking Fitness Records without Moving: Reverse Engineering and Spoofing Fitbit. arXiv preprint arXiv:1706.09165 (2017).

Google Scholar

[5]

Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security Analysis of Emerging Smart Home Applications. In Proceedings of the 37th IEEE Symposium on Security and Privacy (SP).

Crossref

Google Scholar

[6]

Rohit Goyal, Nicola Dragoni, and Angelo Spognardi. 2016. Mind the Tracker You Wear: A Security Analysis of Wearable Health Trackers. In Proceedings of the 31st Annual ACM Symposium on Applied Computing (SAC).

Digital Library

Google Scholar

[7]

Network Working Group Internet-Draft. 2017. Secure IoT Bootstrapping: A Survey. (2017). Retrieved September 16, 2017 from https://tools.ietf.org/html/draft-sarikaya-t2trg-sbootstrapping-03

Google Scholar

[8]

Eyal Ronen, Adi Shamir, Achi-Or Weingarten, and Colin O'Flynn. 2017. IoT Goes Nuclear: Creating a ZigBee Chain Reaction. In Proceedings of the 38th IEEE Symposium on Security and Privacy (SP).

Crossref

Google Scholar

[9]

Veracode. 2015. The Internet of Things: Security Research Study. (2015). Retrieved September 16, 2017 from https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf

Google Scholar

[10]

Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich. 2013. Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization. In Proceedings of the 22nd USENIX Security Symposium.

Google Scholar

[11]

Wenbo Yang, Yuanyuan Zhang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang, and Dawu Gu. 2017. Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps. (2017).

Google Scholar

Cited By

View all

Wang CCassidy LHe WPierson TKotz DXu CDavies N(2024)Challenges and opportunities in onboarding smart-home devicesProceedings of the 25th International Workshop on Mobile Computing Systems and Applications10.1145/3638550.3641137(60-65)Online publication date: 28-Feb-2024
https://dl.acm.org/doi/10.1145/3638550.3641137
Prabha MJegadeesan SJayavathi SRajkumar GJothi JKrishnan R(2024)Revolutionizing Home Connectivity with IoT-Enabled Smart Mirrors for Internet Browsing and Smart Home Integration2024 5th International Conference on Mobile Computing and Sustainable Informatics (ICMCSI)10.1109/ICMCSI61536.2024.00107(683-689)Online publication date: 18-Jan-2024
https://doi.org/10.1109/ICMCSI61536.2024.00107
Uppuluri SLakshmeeswari G(2024)Review of Security and Privacy-Based IoT Smart Home Access Control DevicesWireless Personal Communications10.1007/s11277-024-11405-8Online publication date: 18-Jul-2024
https://doi.org/10.1007/s11277-024-11405-8
Show More Cited By

Index Terms

Smart Solution, Poor Protection: An Empirical Study of Security and Privacy Issues in Developing and Deploying Smart Home Devices
1. Security and privacy
  1. Network security
    1. Web protocol security

Recommendations

Enabling Multi-user Controls in Smart Home Devices
IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy

The Internet of Things (IoT) devices have expanded into many aspects of everyday life. As these smart home devices grow more popular, security concerns increase. Researchers have modeled the privacy and security threats for smart home devices, but have ...
Challenges to ensuring human safety throughout the life-cycle of Smart Environments
SafeThings'17: Proceedings of the 1st ACM Workshop on the Internet of Safe Things

The homes, offices, and vehicles of tomorrow will be embedded with numerous "Smart Things," networked with each other and with the Internet. Many of these Things are embedded in the physical infrastructure, and like the infrastructure they are designed ...
SaferHome: Interactive Physical and Digital Smart Home Dashboards for Communicating Privacy Assessments to Owners and Bystanders

Private homes are increasingly becoming smart spaces. While smart homes promise comfort, they expose most intimate spaces to security and privacy risks. Unfortunately, most users today are not equipped with the right tools to assess the vulnerabilities ...

Comments

Information & Contributors

Information

Published In

IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy

November 2017

90 pages

ISBN:9781450353960

DOI:10.1145/3139937

General Chairs:
Peng Liu
Penn State University, USA
,
Yuqing Zhang
University of Chinese Academy of Sciences, China
,
Program Chairs:
Theophilus Benson
Brown University, USA
,
Srikanth Sundaresan
Princeton University, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Major Program of Shanghai Science and Technology Commission
National Key Research and Development Program of China
Key Program of the National Natural Science Foundation of China

Conference

CCS '17

Sponsor:

SIGSAC

CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security

November 3, 2017

Texas, Dallas, USA

Acceptance Rates

IoTS&P '17 Paper Acceptance Rate 12 of 30 submissions, 40%;

Overall Acceptance Rate 12 of 30 submissions, 40%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
1,174
Total Downloads

Downloads (Last 12 months)46
Downloads (Last 6 weeks)4

Reflects downloads up to 29 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wang CCassidy LHe WPierson TKotz DXu CDavies N(2024)Challenges and opportunities in onboarding smart-home devicesProceedings of the 25th International Workshop on Mobile Computing Systems and Applications10.1145/3638550.3641137(60-65)Online publication date: 28-Feb-2024
https://dl.acm.org/doi/10.1145/3638550.3641137
Prabha MJegadeesan SJayavathi SRajkumar GJothi JKrishnan R(2024)Revolutionizing Home Connectivity with IoT-Enabled Smart Mirrors for Internet Browsing and Smart Home Integration2024 5th International Conference on Mobile Computing and Sustainable Informatics (ICMCSI)10.1109/ICMCSI61536.2024.00107(683-689)Online publication date: 18-Jan-2024
https://doi.org/10.1109/ICMCSI61536.2024.00107
Uppuluri SLakshmeeswari G(2024)Review of Security and Privacy-Based IoT Smart Home Access Control DevicesWireless Personal Communications10.1007/s11277-024-11405-8Online publication date: 18-Jul-2024
https://doi.org/10.1007/s11277-024-11405-8
Guo MXiao ZLiu XZhuge J(2024)Discovering and Understanding the Security Flaws of Authentication and Authorization in IoT Cloud APIs for Smart HomeSecurity and Privacy in Communication Networks10.1007/978-3-031-64948-6_11(205-224)Online publication date: 13-Oct-2024
https://doi.org/10.1007/978-3-031-64948-6_11
Shah HSahoo J(2023)Retracted: Using a Multifaceted, Network-Informed Methodology to Assess Data Sensitivity from Consumers IoT Gadgets2023 International Conference on Artificial Intelligence and Smart Communication (AISC)10.1109/AISC56616.2023.10085075(1303-1309)Online publication date: 27-Jan-2023
https://doi.org/10.1109/AISC56616.2023.10085075
Allifah NZualkernan I(2022)Ranking Security of IoT-Based Smart Home Consumer DevicesIEEE Access10.1109/ACCESS.2022.314814010(18352-18369)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3148140
Ansari ANazir M(2022)Risk Assessment of Security Vulnerabilities in Smart Home Using CAPEC and Defensive GoalsAdvances in Data and Information Sciences10.1007/978-981-16-5689-7_63(705-722)Online publication date: 1-Jan-2022
https://doi.org/10.1007/978-981-16-5689-7_63
He WZhao VMorkved OSiddiqui SFernandes EHester JUr B(2021)SoK: Context Sensing for Access Control in the Adversarial Home IoT2021 IEEE European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP51992.2021.00014(37-53)Online publication date: Sep-2021
https://doi.org/10.1109/EuroSP51992.2021.00014
Zhu QYang CZheng YMa JLi HZhang JShao J(2021)Smart home: Keeping privacy based on Air‐PaddingIET Information Security10.1049/ise2.1201515:2(156-168)Online publication date: 10-Mar-2021
https://doi.org/10.1049/ise2.12015
Jia YXing LMao YZhao DWang XZhao SZhang Y(2020)Burglars’ IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds2020 IEEE Symposium on Security and Privacy (SP)10.1109/SP40000.2020.00051(465-481)Online publication date: May-2020
https://doi.org/10.1109/SP40000.2020.00051
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Enabling Multi-user Controls in Smart Home Devices

Challenges to ensuring human safety throughout the life-cycle of Smart Environments

SaferHome: Interactive Physical and Digital Smart Home Dashboards for Communicating Privacy Assessments to Owners and Bystanders

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations