The network communication between Internet of Things (IoT) devices on the same local network has significant implications for platform and device interoperability, security, privacy, and correctness. Yet, the analysis of local home Wi-Fi network traffic and its associated security and privacy threats have been largely ignored by prior literature, which typically focuses on studying the communication between IoT devices and cloud end-points, or detecting vulnerable IoT devices exposed to the Internet. In this talk, we present a comprehensive and empirical measurement study to shed light on the local communication within a smart home deployment and its threats. We use a unique combination of passive network traffic captures, protocol honeypots, dynamic mobile app analysis, and crowdsourced IoT data from participants to identify and analyze a wide range of device activities on the local network. We then analyze these datasets to characterize local network protocols, security and privacy threats associated with them. Our analysis reveals vulnerable devices, insecure use of network protocols, and sensitive data exposure by IoT devices. We provide evidence of how this information is exfiltrated to remote servers by mobile apps and third-party SDKs, potentially for household fingerprinting, surveillance and cross-device tracking.

About Aniketh Girish

Aniketh is a third-year doctoral student at IMDEA Networks Institute and University Carlos III de Madrid(uc3m), Madrid, Spain advised by Dr. Narseo Vallina-Rodriguez. His research is primarily focused on measuring the privacy and security implications associated with smart devices. Prior to joining IMDEA, he completed his Master’s in cybersecurity from University Carlos III de Madrid(uc3m) and Bachelors in Technology(B.Tech) from Amrita Vishwa Vidyapeetham, India. Aniketh has also published his research in top-tier International peer-reviewed conferences such as USENIX Security, ACM CoNEXT Student’s workshop and IMC. His work presented at TMA’22 PhD school on smart home privacy has received the best poster award.

This event will be conducted in English