Characterizing Everyday Misuse of Smart Home Devices

2023 IEEE Symposium on Security and Privacy (SP) Pub Date : 2023-05-01 DOI:10.1109/SP46215.2023.10179476

Phoebe Moh, P. Datta, N. Warford, Adam Bates, Nathan Malkin, Michelle L. Mazurek

{"title":"Characterizing Everyday Misuse of Smart Home Devices","authors":"Phoebe Moh, P. Datta, N. Warford, Adam Bates, Nathan Malkin, Michelle L. Mazurek","doi":"10.1109/SP46215.2023.10179476","DOIUrl":null,"url":null,"abstract":"Exploration of Internet of Things (IoT) security often focuses on threats posed by external and technically-skilled attackers. While it is important to understand these most extreme cases, it is equally important to understand the most likely risks of harm posed by smart device ownership. In this paper, we explore how smart devices are misused — used without permission in a manner that causes harm — by device owners’ everyday associates such as friends, family, and romantic partners. In a preliminary characterization survey (n = 100), we broadly capture the kinds of unauthorized use and misuse incidents participants have experienced or engaged in. Then, in a prevalence survey (n = 483), we assess the prevalence of these incidents in a demographically-representative population. Our findings show that unauthorized use of smart devices is widespread (experienced by 43% of participants), and that misuse is also common (experienced by at least 19% of participants). However, highly individual factors determine whether these unauthorized use events constitute misuse. Through a focus on everyday abuses, this work sheds light on the most prevalent security and privacy threats faced by smart-home owners today.","PeriodicalId":439989,"journal":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP46215.2023.10179476","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Exploration of Internet of Things (IoT) security often focuses on threats posed by external and technically-skilled attackers. While it is important to understand these most extreme cases, it is equally important to understand the most likely risks of harm posed by smart device ownership. In this paper, we explore how smart devices are misused — used without permission in a manner that causes harm — by device owners’ everyday associates such as friends, family, and romantic partners. In a preliminary characterization survey (n = 100), we broadly capture the kinds of unauthorized use and misuse incidents participants have experienced or engaged in. Then, in a prevalence survey (n = 483), we assess the prevalence of these incidents in a demographically-representative population. Our findings show that unauthorized use of smart devices is widespread (experienced by 43% of participants), and that misuse is also common (experienced by at least 19% of participants). However, highly individual factors determine whether these unauthorized use events constitute misuse. Through a focus on everyday abuses, this work sheds light on the most prevalent security and privacy threats faced by smart-home owners today.

查看原文本刊更多论文

智能家居设备的日常滥用特征

对物联网(IoT)安全的探索通常集中在外部和技术熟练的攻击者所构成的威胁上。虽然了解这些最极端的情况很重要，但了解智能设备所有权最可能造成的危害风险同样重要。在本文中，我们探讨了智能设备是如何被滥用的——未经允许以一种造成伤害的方式使用——设备所有者的日常伙伴，如朋友、家人和恋人。在初步的特征调查(n = 100)中，我们大致捕获了参与者经历或参与的未经授权使用和滥用事件的类型。然后，在患病率调查(n = 483)中，我们评估了这些事件在人口统计学上具有代表性的人群中的患病率。我们的研究结果表明，未经授权使用智能设备的情况很普遍(43%的参与者经历过)，滥用智能设备的情况也很常见(至少19%的参与者经历过)。然而，高度个性化的因素决定了这些未经授权的使用事件是否构成滥用。通过关注日常滥用，这项工作揭示了当今智能家居所有者面临的最普遍的安全和隐私威胁。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量