Oct. 26, 2023
New research reveals alarming security and privacy threats in smart homes
Calgary, AB – University of Calgary researcher Dr. Joel Reardon, PhD, is part of an international team that has unveiled groundbreaking findings on the security and privacy challenges posed by the ever-growing prevalence of opaque and technically complex Internet of Things (IoT) devices in smart homes.
Smart homes are becoming increasingly interconnected, comprising an array of consumer-oriented IoT devices ranging from smartphones and smart TVs to virtual assistants and CCTV cameras. These devices have cameras, microphones, and other ways of sensing what is happening in our most private spaces. But can we trust that these devices are safely handling and protecting the sensitive data they have access to?
Dr. Reardon, an associate professor in computer science at UCalgary, and the international research team presented their extensive study, In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes, this week at the ACM Internet Measurement Conference in Montreal. The paper delves for the first time into the intricacies of local network interactions between 93 IoT devices and mobile apps, revealing an abundance of previously undisclosed security and privacy threats with real-world implications.
The study is led by IMDEA Networks and Northeastern University in collaboration with the University of Calgary, NYU Tandon School of Engineering, Universidad Carlos III de Madrid, IMDEA Software and the International Computer Science Institute.
“This research shows the home network isn't as safe from the Internet as we hoped. If a new phone connects to a network, then all the apps on it can have direct access to everything else on that network. The spyware I found in apps with tens of millions of installs was in fact scanning networks and talking to routers.”
Dr. Joel Reardon, PhD, associate professor, computer science, UCalgary and study co-author
While most users typically view local networks as a trusted and safe environment, the study's findings go beyond detecting vulnerable devices: they illuminate new threats associated with the inadvertent exposure of sensitive data by IoT devices within local networks using standard protocols such as Universal Plug and Play (UPnP) or multicastDNS (mDNS). These threats include the exposure of unique device names and even household geolocation data, all of which can be harvested by companies involved in surveillance capitalism without user awareness.
“When we think of what happens between the walls of our homes, we think of it as a trusted, private place. In reality, we find that smart devices in our homes are piercing that veil of trust and privacy — in ways that allow nearly any company to learn what devices are in your home, to know when you are home, and learn where your home is. These behaviours are generally not disclosed to consumers, and there is a need for better protections in the home."
Dr. David Choffnes, PhD, associate professor, computer science, and executive director of the Cybersecurity and Privacy Institute at Northeastern University.
The impact of this research underscores the imperative for manufacturers, software developers, IoT and mobile platform operators, and policymakers to take action to enhance the privacy and security guarantees of smart home devices and households. The research team responsibly disclosed these issues to vulnerable IoT device vendors and to Google's Android Security Team, already triggering security improvements in some of these products.
Dr. Joel Reardon is available for interviews by phone or video call.
Media inquiries
Nadine Sander-Green
Senior External Communications
587.575.9873
nadine.sandergreen@ucalgary.ca
About the University of Calgary
UCalgary is Canada’s entrepreneurial university, located in Canada’s most enterprising city. It is a top research university and one of the highest-ranked universities of its age. Founded in 1966, its 35,000 students experience an innovative learning environment, made rich by research, hands-on experiences and entrepreneurial thinking. It is Canada’s leader in the creation of start-ups. Start something today at the University of Calgary.
For more information, visit ucalgary.ca. Stay up to date with UCalgary news headlines on Twitter @UCalgary. For access to UCalgary news releases, images and b-roll, and details on faculties and how to reach experts, check out our newsroom at ucalgary.ca/newsroom.