IoT Inspector

The proliferation of smart home devices has created new opportunities for empirical research in ubiquitous computing, ranging from security and privacy to personal health. Yet, data from smart home deployments are hard to come by, and existing empirical studies of smart home devices typically involve only a small number of devices in lab settings. To contribute to data-driven smart home research, we crowdsource the largest known dataset of labeled network traffic from smart home devices from within real-world home networks. To do so, we developed and released IoT Inspector, an open-source tool that allows users to observe the traffic from smart home devices on their own home networks. Between April 10, 2019 and January 21, 2020, 5,404 users have installed IoT Inspector, allowing us to collect labeled network traffic from 54,094 smart home devices. At the time of publication, IoT Inspector is still gaining users and collecting data from more devices. We demonstrate how this data enables new research into smart homes through two case studies focused on security and privacy. First, we find that many device vendors, including Amazon and Google, use outdated TLS versions and send unencrypted traffic, sometimes to advertising and tracking services. Second, we discover that smart TVs from at least 10 vendors communicated with advertising and tracking services. Finally, we find widespread cross-border communications, sometimes unencrypted, between devices and Internet services that are located in countries with potentially poor privacy practices. To facilitate future reproducible research in smart homes, we will release the IoT Inspector data to the public.

[1]  Nick Sullivan,et al.  The Security Impact of HTTPS Interception , 2017, NDSS.

[2]  Narseo Vallina-Rodriguez,et al.  Studying TLS Usage in Android Apps , 2018, ANRW.

[3]  Ahmad-Reza Sadeghi,et al.  IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT , 2016, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[4]  Nick Feamster,et al.  Web-based Attacks to Discover and Control Local IoT Devices , 2018, IoT S&P@SIGCOMM.

[5]  Yuval Elovici,et al.  ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis , 2017, SAC.

[6]  Qiang Li,et al.  Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices , 2018, USENIX Security Symposium.

[7]  Nick Feamster,et al.  BISmark: A Testbed for Deploying Measurements and Applications in Broadband Access Networks , 2014, USENIX ATC.

[8]  Nick Feamster,et al.  Peeking behind the NAT: an empirical study of home networks , 2013, Internet Measurement Conference.

[9]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[10]  G. Priyanka Reddy,et al.  Message Queuing Telemetry Transport , 2017 .

[11]  Bodo Möller,et al.  This POODLE Bites: Exploiting The SSL 3.0 Fallback , 2014 .

[12]  Mohammad Mannan,et al.  Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys , 2019, IEEE Internet of Things Journal.

[13]  Rebecca E. Grinter,et al.  Why is my internet slow?: making network speeds visible , 2011, CHI.

[14]  Boris Nechaev,et al.  Experiences from Netalyzr with engaging users in end-system measurement , 2011, W-MUST '11.

[15]  Yuval Elovici,et al.  Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection , 2018, NDSS.

[16]  Nick Feamster,et al.  Security and Privacy Analyses of Internet of Things Children’s Toys , 2019, IEEE Internet of Things Journal.

[17]  Boris Nechaev,et al.  Netalyzr: illuminating the edge network , 2010, IMC '10.

[18]  Rajarshi Gupta,et al.  All Things Considered: An Analysis of IoT Devices on Home Networks , 2019, USENIX Security Symposium.

[19]  Martin May,et al.  Probe and Pray: Using UPnP for Home Network Measurements , 2012, PAM.

[20]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[21]  David A. Cooper,et al.  Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations , 2005 .

[22]  Narseo Vallina-Rodriguez,et al.  Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem , 2018, NDSS.

[23]  Nick Feamster,et al.  Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping , 2018, Proc. Priv. Enhancing Technol..

[24]  Li Fei-Fei,et al.  ImageNet: A large-scale hierarchical image database , 2009, CVPR.

[25]  Franck Le,et al.  DeviceMien: network device behavior modeling for identifying unknown IoT devices , 2019, IoTDI.

[26]  Omar Alrawi,et al.  SoK: Security Evaluation of Home-Based IoT Deployments , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[27]  Nick Feamster,et al.  Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices , 2019, CCS.

[28]  Nick Feamster,et al.  Enhancing Transparency: Internet Video Quality Inference from Network Traffic , 2018 .

[29]  Catherine Rosenberg,et al.  Measuring Home Networks with HomeNet Profiler , 2013, PAM.

[30]  Nick Feamster,et al.  Cleartext Data Transmissions in Consumer IoT Medical Devices , 2017, IoT S&P@CCS.