Smart Home Privacy Leaks


Despite the ever-growing impact of smart home internet of things devices research has shown that users are usually not aware of privacy leaks, which occur in such an environment. Furthermore, users are typically not informed, which data types are collected from such devices and with which companies this data is shared. Since the majority of traffic originating from smart home devices is encrypted, it is not viable without, e.g. Man-in-the-middle attack to read the content of the transmissions. Even if the traffic is unencrypted, it is not a trivial task to automatically gain information which data is sent, since there are many vastly different devices from several different vendors, using multiple diverse standards to format their messages.In order to improve privacy awareness, we developed a novel privacy empowering tool. It is based on the network-wide ad blocker Pi-hole and is typically deployed on a raspberry pi. This probe is able to infer potential privacy leaks i.e., which information could be derived about the residents or about their behaviour, from smart home devices in a home network. Furthermore, it provides transparency by displaying and analysing the occurring network traffic. Moreover, the companies involved in the data exchange with the smart home devices are shown.To overcome the previously mentioned problem of gaining information data transmitted by smart home devices, a privacy leak model is developed. This model derives information, which is sent by such devices and further potential privacy leaks based on their functional device types. Additionally, this model allows to provide methods to calculate the impact of sharing data between companies.The classification of smart home devices in the home network, is achieved by a machine learning model developed by us. For this reason, we created a feature extraction method suitable for the data provided by the Pi-hole and compared three machine learning methods, which are commonly used for this specific task.

TU Wien