I am incredibly honoured and humbled to receive the Ph.D. Thesis of the Year Award (Årets avhandling) in Computer Science from Malmö University in Sweden. This prize extremely acknowledges my 5+ years of research on the topic of threats and risks affecting IoT-based smart homes.
Learn more about the award by clicking here. Furthermore, you can access the presentation I delivered during that event by clicking here.
Following, a blog post I have written in 2019 focusing on real smart home testbeds, a lot of readers have reached out asking me if I am aware of tools that can be used to simulate smart home data. I understand this request, because data collection in smart homes can be a tedious, time-consuming, and expensive process. I identify three of the recent open-source tools that could be useful to simulate activity and human interactions within a smart home, below:
Photo adopted from: https://github.com/openshs/openshs
Also, in case you are a researcher and you would like a copy of the data I collected about the technical specifications of smart home products, feel free to get in touch.
[1] Alshammari, N.; Alshammari, T.; Sedky, M.; Champion, J.; Bauer, C. OpenSHS: Open Smart Home Simulator. Sensors 2017, 17, 1003. https://doi.org/10.3390/s17051003
[2] Francillette, Y.; Boucher, E.; Bouzouane, A.; Gaboury, S. The Virtual Environment for Rapid Prototyping of the Intelligent Environment. Sensors 2017, 17, 2562. https://doi.org/10.3390/s17112562
[3] Brandon Ho, Dieter Vogts, and Janet Wesson. 2019. A Smart Home Simulation Tool to Support the Recognition of Activities of Daily Living. In: Proceedings of the South African Institute of Computer Scientists and Information Technologists 2019. ACM, Article 23, 1–10. DOI:https://doi.org/10.1145/3351108.3351132
It has been a bit more than 2 years ago I defended my Licentiate thesis. Here is a wonderful memory from that time! A lot of things have changed since then in the smart home world and also in the course of my research and academic career.
In case you have queries just feel free to get in touch! I am also very much involved in supervising theses on cutting edge technologies of the like of autonomous drones, smart cities, to more industry-oriented work such as measuring the effects of GDPR on IoT consumers.
On Tuesday, I gave a presentation at PerCom 2020. This was the first time, the conference was held completely online (due to the global pandemic of COVID-19), and speakers were asked to deliver their presentations remotely over Zoom.
In my case, I gave two live presentations in the Work In Progress (WiP) session being chaired by Diane Cook. During this time, I discussed how smart connected homes can be formally modeled so that privacy threats can be systematically identified and analyzed. Take a look at my short teaser clip below.
In case you are interested in the accompanying poster for my presentation, you can access it either from my Presentations menu tab or otherwise by clicking here. Also, I have uploaded the slides for the video which you can access here.
As always, please feel free to contact me in case you want to know more about this paper, and about security and privacy in general. Finally, I want to remind and encourage you to submit to PerCom or its workshops. You can get some high-quality feedback on your work that can help you improve it and more.
An Internet-connected home in the Netherlands.
What type of data smart home devices collect? This is exactly what I talked about last week in Seattle (USA) at the Services Conference Federation (SCF 2018). Understanding the data smart home systems collect is useful to assess what is at stake if a device is compromised and as a precursor for conducting privacy analysis.
By analysing the privacy policies of different smart home and IoT device manufacturers we observed that all investigated devices collect instances of personal data. This in the worst case can include biometric data. Such data is used for instance in smart TVs for authentication purposes and sometimes to support advanced interaction features.
However, there are many other instances of non-personal data which when aggregated can truly paint a detailed coarse-grained model of an individual’s lifestyle preferences, habits, and history.
Read more: https://www.springerprofessional.de/an-empirical-analysis-of-smart-connected-home-data/15852434
Researchers from Ben-Gurion University of the Negev have found that smart home devices can be easily hacked and then used to spy on their users. Omer Shwartz et al. in their research paper analysed the practical security level of 16 popular IoT devices ranging from high-end to low-end manufacturers.
Amongst other things, they discovered that similar products under different brands share the same common default passwords. In some instances, the authors claimed that such passwords were found within minutes and sometimes simply by a web search for the brand. Devices in their study included baby monitors, home security and web cameras, doorbells, and thermostats. Using such devices in their lab, they were then able to for example, play loud music through a baby monitor, turn off a thermostat, and turn on a camera remotely.
Exactly as I talked today in my PerCom’18 presentation in Greece, manufacturers should avoid using easy, hard-coded passwords, and should be held more accountable for their products and services. At the same time, the end-user as a countermeasure should try to change default passwords or to disable privileged accounts on the device. But, ultimately, security should never be an afterthought but bolted-in from the beginning of the development lifecycle.
In our work, we have identified hundreds of insecure smart connected cameras deployed on the Internet in different places in the world. Similarly, we observed that most of the vendors left their default passwords inside the devices, or had banner information with sensitive data, e.g., firmware version, ports numbers, manufacturer names, that can be used to compromise the security and privacy of householders, business owners, and more.
People are increasingly buying voice-activated speakers (also called digital voice assistants or intelligent personal assistants) and other smart devices for added convenience, enhancing security, and also for entertainment purposes. But doing so blindly, without assessing risks involved with such technologies, can give intruders an accessible window into our homes and personal lives. Here are some risks that you may want to consider before purchasing a smart device for your house:
Listening In: Many new devices are being manufactured with built-in microphones. New generation devices falling in this category include for instance smart speaker systems such as Amazon Echo and Google Home, and as well smart TVs, TV streaming devices, and Internet-connected toys. Many of these devices are constantly listening in for your commands and when they receive them they connect to corporate servers (can be located anywhere in the world) to satisfy your request. What if you are having private conversations at home? Are these getting sent to the Internet without your awareness? Indeed, some devices just do that (yes, you may have unknowingly already accepted the vendor’s privacy policy or terms-of-use if that exists!). What can you do then? Well, devices typically have a mute function that disables the device microphone(s). But the question remains, can we actually verify what the manufacturer promises? Further to that, if data is sent over the Internet can it really be removed? I highly doubt that.
Watching You: Cloud security cameras let you check in on your pets, children, and your home status, when you are away, typically through your smartphone, tablet, and other handheld computing devices. Some devices routinely send video footage to online storage automatically while others do so when triggered, example by a motion sensor (typically signalling that an intruder or an unauthorized visitor is nearby). Reputable brands are likely to take security seriously, but no system is bulletproof. If you want to stay extra vigilant then you might want to turn the camera to face the wall or just unplug it altogether when you do not intend to use it. However, this is not a viable solution for many. Thus, my suggestion is that you should carefully inspect the device technical specification and assess whether the company is taking security and privacy seriously!
Digital Trails: Smart locks let you unlock doors from anywhere with an application installed on your digital devices. With this, you can let in guests even when you are away or when you have your hands full with other things (yes you can also connect your smart lock with a digital voice assistant). Similarly, landlords can automatically disable your digital key when you move out, and parents can keep an attentive eye on the time their beloved teens are coming back home. At the same time, intruders might try to hack the system not only forcibly with hardware tools but also through software hacking tools. Smart locks also pose a risk to privacy as usage of such keys leaves a digital trail. This trail can also be used in forensic investigation. This is an added attack surface that these digital devices bring into our lives, into our homes.
In this article, we scratched the surface of risks brought forth by smart devices. If you want to learn more about risks when purchasing smart home devices and as well about the different types of intruders spying on your home take a look at my paper.
Joseph Bugeja 