Recognition: unknown
A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic
read the original abstract
The increasing popularity of specialized Internet-connected devices and appliances, dubbed the Internet-of-Things (IoT), promises both new conveniences and new privacy concerns. Unlike traditional web browsers, many IoT devices have always-on sensors that constantly monitor fine-grained details of users' physical environments and influence the devices' network communications. Passive network observers, such as Internet service providers, could potentially analyze IoT network traffic to infer sensitive details about users. Here, we examine four IoT smart home devices (a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo switch, and an Amazon Echo) and find that their network traffic rates can reveal potentially sensitive user interactions even when the traffic is encrypted. These results indicate that a technological solution is needed to protect IoT device owner privacy, and that IoT-specific concerns must be considered in the ongoing policy debate around ISP data collection and usage.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
Early-Stage IoT Device Identification Using Passive Network Traffic Analysis
IoT devices can be identified with up to 99% accuracy in the first few seconds of network attachment using only passive flow-level metadata features across 37 devices.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.