IoTScanner: Detecting Privacy Threats in IoT Neighborhoods

In the context of the emerging Internet of Things (IoT), a proliferation of wireless connectivity can be expected. That ubiquitous wireless communication will be hard to centrally manage and control, and can be expected to be opaque to end users. As a result, owners and users of physical space are threatened to lose control over their digital environments. In this work, we propose the idea of an IoTScanner. The IoTScanner integrates a range of radios to allow local reconnaissance of existing wireless infrastructure and participating nodes. It enumerates such devices, identifies connection patterns, and provides valuable insights for technical support and home users alike. Using our IoTScanner, we attempt to classify actively streaming IP cameras from other non-camera devices using simple heuristics. We show that our classification approach achieves a high accuracy in an IoT setting consisting of a large number of IoT devices. While related work usually focuses on detecting either the infrastructure, or eavesdropping on traffic from a specific node, we focus on providing a general overview of operations in all observed networks. We do not assume prior knowledge of used SSIDs, preshared passwords, or similar.

[1]  Rong Zheng,et al.  WiserAnalyzer: A Passive Monitoring Framework for WLANs , 2009, 2009 Fifth International Conference on Mobile Ad-hoc and Sensor Networks.

[2]  Matt Welsh,et al.  LiveNet: Using Passive Monitoring to Reconstruct Sensor Network Dynamics , 2008, DCOSS.

[3]  Damon McCoy,et al.  Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting , 2006, USENIX Security Symposium.

[4]  Ratul Mahajan,et al.  Analyzing the MAC-level behavior of wireless networks in the wild , 2006, SIGCOMM.

[5]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[6]  Moustafa Youssef,et al.  A framework for wireless LAN monitoring and its applications , 2004, WiSe '04.

[7]  Tristan Henderson,et al.  The changing usage of a mature campus-wide wireless network , 2004, MobiCom '04.

[8]  Mark Davis,et al.  Experimental investigation on VoIP performance and the resource utilization in 802.11b WLANs , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[9]  Asaf Shabtai,et al.  Advanced Security Testbed Framework for Wearable IoT Devices , 2016, ACM Trans. Internet Techn..

[10]  Srinivasan Seshan,et al.  802.11 user fingerprinting , 2007, MobiCom '07.

[11]  Frederik Armknecht,et al.  On the security of the ZigBee Light Link touchlink commissioning procedure , 2016, Sicherheit.

[12]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[13]  Guoliang Xing,et al.  Practical Bluetooth Traffic Sniffing: Systems and Privacy Implications , 2016, MobiSys.

[14]  Cédric Lauradoux,et al.  Preserving privacy in secured ZigBee wireless sensor networks , 2015, 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT).

[15]  Andrea Bittau,et al.  BlueSniff: Eve Meets Alice and Bluetooth , 2007, WOOT.

[16]  Xiaowei Li,et al.  SNAMP: A Multi-sniffer and Multi-view Visualization Platform for Wireless Sensor Networks , 2006, 2006 1ST IEEE Conference on Industrial Electronics and Applications.

[17]  David Kotz,et al.  Analysis of a Campus-Wide Wireless Network , 2002, MobiCom '02.

[18]  Amit Dvir,et al.  A joint framework of passive monitoring system for complex wireless networks , 2011, 2011 IEEE Consumer Communications and Networking Conference (CCNC).

[19]  Mark Davis,et al.  Gauging VoIP call quality from 802.11 WLAN resource usage , 2006, 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks(WoWMoM'06).

[20]  Mike Ryan,et al.  Bluetooth: With Low Energy Comes Low Security , 2013, WOOT.

[21]  Stefan Savage,et al.  Jigsaw: solving the puzzle of enterprise 802.11 analysis , 2006, SIGCOMM.

[22]  Zinaida Benenson,et al.  All Your Bulbs Are Belong to Us: Investigating the Current State of Security in Connected Lighting Systems , 2016, ArXiv.

[23]  Desmond Loh Chin Choong,et al.  Identifying unique devices through wireless fingerprinting , 2008, WiSec '08.

[24]  Mark Davis A wireless traffic probe for radio resource management and QoS provisioning in IEEE 802.11 WLANs , 2004, MSWiM '04.

[25]  Parth H. Pathak,et al.  Uncovering Privacy Leakage in BLE Network Traffic of Wearable Fitness Trackers , 2016, HotMobile.

[26]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..