Xiaoyu Ji,Chaohao Li,Xinyan Zhou,Juchuan Zhang,Yanmiao Zhang,Wenyuan Xu

DOI: https://doi.org/10.1145/3399432

2020-01-01

ACM Transactions on Internet of Things

Abstract:Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.

Sunil Manandhar,Kevin Moran,Kaushal Kafle,Ruhao Tang,Denys Poshyvanyk,Adwait Nadkarni

DOI: https://doi.org/10.48550/arXiv.1907.00124

2019-06-29

Abstract:Security researchers have recently discovered significant security and safety issues related to home automation and developed approaches to address them. Such approaches often face design and evaluation challenges which arise from their restricted perspective of home automation that is bounded by the IoT apps they analyze. The challenges of past work can be overcome by relying on a deeper understanding of realistic home automation usage. More specifically, the availability of natural home automation scenarios, i.e., sequences of home automation events that may realistically occur in an end-user's home, could help security researchers design better security/safety systems. This paper presents Helion, a framework for building a natural perspective of home automation. Helion identifies the regularities in user-driven home automation, i.e., from user-driven routines that are increasingly being created by users through intuitive platform UIs. Our intuition for designing Helion is that smart home event sequences created by users exhibit an inherent set of semantic patterns, or naturalness that can be modeled and used to generate valid and useful scenarios. To evaluate our approach, we first empirically demonstrate that this naturalness hypothesis holds, with a corpus of 30,518 home automation events, constructed from 273 routines collected from 40 users. We then demonstrate that the scenarios generated by Helion are reasonable and valid from an end-user perspective, through an evaluation with 16 external evaluators. We further show the usefulness of Helion's scenarios by generating 17 home security/safety policies with significantly less effort than existing approaches. We conclude by discussing key takeaways and future research challenges enabled by Helion's natural perspective of home automation.

Cryptography and Security

Kaushal Kafle,Kevin Moran,Sunil Manandhar,Adwait Nadkarni,Denys Poshyvanyk

DOI: https://doi.org/10.48550/arXiv.1812.01597

2018-12-05

Abstract:Home automation platforms provide a new level of convenience by enabling consumers to automate various aspects of physical objects in their homes. While the convenience is beneficial, security flaws in the platforms or integrated third-party products can have serious consequences for the integrity of a user's physical environment. In this paper we perform a systematic security evaluation of two popular smart home platforms, Google's Nest platform and Philips Hue, that implement home automation "routines" (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines. This analysis results in ten key findings with serious security implications. For instance, we demonstrate the potential for the misuse of smart home routines in the Nest platform to perform a lateral privilege escalation, illustrate how Nest's product review system is ineffective at preventing multiple stages of this attack that it examines, and demonstrate how emerging platforms may fail to provide even bare-minimum security by allowing apps to arbitrarily add/remove other apps from the user's smart home. Our findings draw attention to the unique security challenges of platforms that execute routines via centralized data stores and highlight the importance of enforcing security by design in emerging home automation platforms.

Cryptography and Security

Siok Wah Tay,Ning Zhang,Salem Aljanah

DOI: https://doi.org/10.1109/access.2024.3359442

IF: 3.9

2024-02-10

IEEE Access

Abstract:The advent of the Internet of Things (IoT) and Artificial Intelligence (AI) have led to the rising popularity of Smart Home Automation (SHAuto). SHAuto uses a variety of interconnected smart devices to provide life-enhancing services such as smart energy control, smart entertainment, smart healthcare, and so on. If these devices are compromised, sensitive data may be disclosed and the compromised devices or other connected devices may be maliciously controlled, threatening the privacy and safety of home occupants. Therefore, controlling access to devices in SHAuto is of paramount importance. However, due to the characteristics of the SHAuto environment, this has become a challenging issue. As a first step towards addressing this challenging issue, this paper provides a comprehensive problem analysis of SHAuto. The problem analysis consists of two parts. The first part is an in-depth analysis of various SHAuto use case scenarios covering three aspects, i.e., device control modes, automation modes, and device communications. This analysis has led to the formulation of a generic model for SHAuto. Based on this model, the second part analyses potential vulnerabilities and threats in relation to authorisation. The comprehensive problem analysis has led to a hypothesis that access to the devices can be controlled by governing device communications and the specification of a set of requirements for the design of secure and usable communication-based access control solutions for SHAuto environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lei Bu,Wen Xiong,Chieh-Jan Mike Liang,Shi Han,Dongmei Zhang,Shan Lin,Xuandong Li

DOI: https://doi.org/10.1145/3185501

2018-01-01

ACM Transactions on Cyber-Physical Systems

Abstract:Recent advances and industry standards in Internet of Things (IoT) have accelerated the real-world adoption of connected devices. To manage this hybrid system of digital real-time devices and analog environments, the industry has pushed several popular home automation IoT (HA-IoT) frameworks, such as If-This-Then-That (IFTTT), Apple HomeKit, and Google Brillo. Typically, users author device interactions by specifying the triggering sensor event and the triggered device command. In this seemingly simple software system, two dominant factors govern the system confidence properties with respect to the physical world. First, IoT users are largely nonexperts who lack the comprehensive consideration regarding potential impact and joint effect with existing rules. Second, while the increasing complexity of IoT devices enables fine-grained control (e.g., heater temperature) of continuous real-time environments, even two simply connected devices can have a huge state space to explore. In fact, bugs that wrongfully control devices and home appliances can have ramifications on system correctness and even user physical safety. It is crucial to help users to make sure the system they created meets their expectation. In this article we introduce how techniques from hybrid automata can be practically applied to assist nonexpert IoT users in the confidence checking of such hybrid HA-IoT systems. We propose an automated framework for end-to-end programming assistance. We build and check the Linear Hybrid Automata (LHA) model of the system automatically. We also present a quantifier elimination-based method to analyze the counterexample found and synthesize fix suggestions. We implemented a platform, MenShen, based on this framework and proposed techniques. We conducted sets of real HA-IoT case studies with up to 46 devices and 65 rules. Empirical results show that MenShen can find violations and generate rule fix suggestions in only 10 seconds.

Amit Kumar Sikder,Leonardo Babun,Hidayet Aksu,A. Selcuk Uluagac

DOI: https://doi.org/10.48550/arXiv.1910.03750

2019-10-09

Cryptography and Security

Abstract:Our everyday lives are expanding fast with the introduction of new Smart Home Systems (SHSs). Today, a myriad of SHS devices and applications are widely available to users and have already started to re-define our modern lives. Smart home users utilize the apps to control and automate such devices. Users can develop their own apps or easily download and install them from vendor-specific app markets. App-based SHSs offer many tangible benefits to our lives, but also unfold diverse security risks. Several attacks have already been reported for SHSs. However, current security solutions consider smart home devices and apps individually to detect malicious actions rather than the context of the SHS as a whole. The existing mechanisms cannot capture user activities and sensor-device-user interactions in a holistic fashion. To address these issues, in this paper, we introduce Aegis, a novel context-aware security framework to detect malicious behavior in a SHS. Specifically, Aegis observes the states of the connected smart home entities (sensors and devices) for different user activities and usage patterns in a SHS and builds a contextual model to differentiate between malicious and benign behavior. We evaluated the efficacy and performance of Aegis in multiple smart home settings (i.e., single bedroom, double bedroom, duplex) with real-life users performing day-to-day activities and real SHS devices. We also measured the performance of Aegis against five different malicious behaviors. Our detailed evaluation shows that Aegis can detect malicious behavior in SHS with high accuracy (over 95%) and secure the SHS regardless of the smart home layout, device configuration, installed apps, and enforced user policies. Finally, Aegis achieves minimum overhead in detecting malicious behavior in SHS, ensuring easy deployability in real-life smart environments.

Adeeb Mansoor Ansari,Mohammed Nazir,Khurram Mustafa

DOI: https://doi.org/10.1109/access.2024.3415632

IF: 3.9

2024-06-25

IEEE Access

Abstract:Smart homes are the most adaptable and utilized application of the IoT. Smart homes enable end users to define and control the automation remotely by defining automation rules. The automation rules interaction results in the defined tasks and activities but also delivers unwanted interactions, which show adverse effects. Their interactions may consist of chained and covert rules interaction, which are hard to trace and identify. Attackers' malicious apps installed in smart homes may leverage rules' adverse effects to compromise smart home security and harm users, such as opening the window at night or when no one is home. To address such issues, we developed an ontology of smart home automation rules to identify such interactions. Prior works failed to provide the complete classification and could not identify all possible rule conflicts. In this work, we proposed the classification of automation rule interactions into five categories and recognized the potential rule conflicts. In addition, the ontology can examine rules interactions against the defined safety policies, providing an extra layer of security. The ontology will aid the designers in better understanding and developing a robust security mechanism at the design phase to resist rules interaction conflicts and their adverse effects. We examine this work on the thirty-five rules formed in the light of prior work test cases and validation. The results show that the proposed work is promising and can efficiently identify all the rule interaction conflicts in the smart home.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kulani Mahadewa,Kailong Wang,Guangdong Bai,Ling Shi,Yan Liu,Jin Song Dong,Zhenkai Liang

DOI: https://doi.org/10.1109/tse.2019.2960690

IF: 7.4

2021-12-01

IEEE Transactions on Software Engineering

Abstract:A key feature of the booming smart home is the integration of a wide assortment of technologies, including various standards, proprietary communication protocols and heterogeneous platforms. Due to customization, unsatisfied assumptions and incompatibility in the integration, critical security vulnerabilities are likely to be introduced by the integration. Hence, this work addresses the security problems in smart home systems from an integration perspective, as a complement to numerous studies that focus on the analysis of individual techniques. We propose HomeScan, an approach that examines the security of the implementations of smart home systems. It extracts the abstract specification of application-layer protocols and internal behaviors of entities, so that it is able to conduct an end-to-end security analysis against various attack models. Applying HomeScan on three extensively-used smart home systems, we have found twelve non-trivial security issues, which may lead to unauthorized remote control and credential leakage.

engineering, electrical & electronic,computer science, software engineering

Giles Birchley,Richard Huxtable,Madeleine Murtagh,Ruud Ter Meulen,Peter Flach,Rachael Gooberman-Hill

DOI: https://doi.org/10.1186/s12910-017-0183-z

2017-04-04

Abstract:Background: Smart-home technologies, comprising environmental sensors, wearables and video are attracting interest in home healthcare delivery. Development of such technology is usually justified on the basis of the technology's potential to increase the autonomy of people living with long-term conditions. Studies of the ethics of smart-homes raise concerns about privacy, consent, social isolation and equity of access. Few studies have investigated the ethical perspectives of smart-home engineers themselves. By exploring the views of engineering researchers in a large smart-home project, we sought to contribute to dialogue between ethics and the engineering community. Methods: Either face-to-face or using Skype, we conducted in-depth qualitative interviews with 20 early- and mid-career smart-home researchers from a multi-centre smart-home project, who were asked to describe their own experience and to reflect more broadly about ethical considerations that relate to smart-home design. With participants' consent, interviews were audio-recorded, transcribed and analysed using a thematic approach. Results: Two overarching themes emerged: in 'Privacy', researchers indicated that they paid close attention to negative consequences of potential unauthorised information sharing in their current work. However, when discussing broader issues in smart-home design beyond the confines of their immediate project, researchers considered physical privacy to a lesser extent, even though physical privacy may manifest in emotive concerns about being watched or monitored. In 'Choice', researchers indicated they often saw provision of choice to end-users as a solution to ethical dilemmas. While researchers indicated that choices of end-users may need to be restricted for technological reasons, ethical standpoints that restrict choice were usually assumed and embedded in design. Conclusions: The tractability of informational privacy may explain the greater attention that is paid to it. However, concerns about physical privacy may reduce acceptability of smart-home technologies to future end-users. While attention to choice suggests links with privacy, this may misidentify the sources of privacy and risk unjustly burdening end-users with problems that they cannot resolve. Separating considerations of choice and privacy may result in more satisfactory treatment of both. Finally, through our engagement with researchers as participants this study demonstrates the relevance of (bio)ethics as a critical partner to smart-home engineering.

Amir Rahmati,Earlence Fernandes,Kevin Eykholt,Atul Prakash

DOI: https://doi.org/10.48550/arXiv.1801.04609

2018-01-14

Cryptography and Security

Abstract:Emerging smart home platforms, which interface with a variety of physical devices and support third-party application development, currently use permission models inspired by smartphone operating systems-they group functionally similar device operations into separate units, and require users to grant apps access to devices at that granularity. Unfortunately, this leads to two issues: (1) apps that do not require access to all of the granted device operations have overprivileged access to them, (2) apps might pose a higher risk to users than needed because physical device operations are fundamentally risk-asymmetric-"door.unlock" provides access to burglars, and "door.lock" can potentially lead to getting locked out. Overprivileged apps with access to mixed-risk operations only increase the potential for damage. We present Tyche, a system that leverages the risk-asymmetry in physical device operations to limit the risk that apps pose to smart home users, without increasing the user's decision overhead. Tyche introduces the notion of risk-based permissions. When using risk-based permissions, device operations are grouped into units of similar risk, and users grant apps access to devices at that risk-based granularity. Starting from a set of permissions derived from the popular Samsung SmartThings platform, we conduct a user study involving domain-experts and Mechanical Turk users to compute a relative ranking of risks associated with device operations. We find that user assessment of risk closely matches that of domain experts. Using this ranking, we define risk-based groupings of device operations, and apply it to existing SmartThings apps, showing that risk-based permissions indeed limit risk if apps are malicious or exploitable.

Kaufman Eran,Yigal Hoffner

2024-01-03

Abstract:Using rules for home automation presents several challenges, especially when considering multiple stakeholders in addition to residents, such as homeowners, local authorities, energy suppliers, and system providers, who will wish to contribute rules to safeguard their interests. Managing rules from various sources requires a structured procedure, a relevant policy, and a designated authority to ensure authorized and correct contributions and address potential conflicts. In addition, the smart home rule language needs to express conditions and decisions at a high level of abstraction without specifying implementation details such as interfaces, access protocols, and room layout. Decoupling high-level decisions from these details supports the transferability and adaptability of rules to similar homes. This separation also has important implications for structuring the smart home system and the security architecture. Our proposed approach and system implementation introduce a rule management process, a rule administrator, and a domain-specific rule language to address these challenges. In addition, the system provides a learning process that observes residents, detects behavior patterns, and derives rules which are then presented as recommendations to the system.

Cryptography and Security,Machine Learning

Ravindra Mangar,Timothy J. Pierson,David Kotz

DOI: https://doi.org/10.1109/mprv.2024.3421668

IF: 1.603

2024-10-19

IEEE Pervasive Computing

Abstract:In this article, we outline the challenges associated with the widespread adoption of smart devices in homes. These challenges are primarily driven by scale and device heterogeneity: a home may soon include dozens or hundreds of devices, across many device types, and may include multiple residents and other stakeholders. We develop a framework for reasoning about these challenges based on the deployment, operation, and decommissioning life cycle stages of smart devices within a smart home. We evaluate the challenges in each stage using the well-known CIA triad—Confidentiality, Integrity, and Availability. In addition, we highlight open research questions at each stage. Further, we evaluate solutions from Apple and Google using our framework and find notable shortcomings in these products. Finally, we sketch some preliminary thoughts on a solution for the smart home of the near future.

computer science, information systems,telecommunications,engineering, electrical & electronic

William Seymour,Martin J. Kraemer,Reuben Binns,Max Van Kleek

DOI: https://doi.org/10.1145/3313831.3376264

2020-01-25

Abstract:Connected devices in the home represent a potentially grave new privacy threat due to their unfettered access to the most personal spaces in people's lives. Prior work has shown that despite concerns about such devices, people often lack sufficient awareness, understanding, or means of taking effective action. To explore the potential for new tools that support such needs directly we developed Aretha, a privacy assistant technology probe that combines a network disaggregator, personal tutor, and firewall, to empower end-users with both the knowledge and mechanisms to control disclosures from their homes. We deployed Aretha in three households over six weeks, with the aim of understanding how this combination of capabilities might enable users to gain awareness of data disclosures by their devices, form educated privacy preferences, and to block unwanted data flows. The probe, with its novel affordances-and its limitations-prompted users to co-adapt, finding new control mechanisms and suggesting new approaches to address the challenge of regaining privacy in the connected home.

Human-Computer Interaction

Shahinur Alam

DOI: https://doi.org/10.48550/arXiv.2110.09273

2021-09-14

Computers and Society

Abstract:Smart homes are becoming ubiquitous, but they are not Americans with Disability Act (ADA) compliant. Smart homes equipped with ADA compliant appliances and services are critical for people with disabilities (i.e., visual impairments and limited mobility) to improve independence, safety, and quality of life. Despite all advancements in smart home technologies, some fundamental design and implementation issues remain. For example, people with disabilities often feel insecure to respond when someone knocks on the door or rings the doorbell. In this paper, we present an intelligent system called "SafeAccess+" to build safer and ADA compliant premises (e.g. smart homes, offices). The key functionalities of the SafeAccess+ are: 1) Monitoring the inside/outside of premises and identifying incoming people; 2) Providing users relevant information to assess incoming threats (e.g., burglary, robbery) and ongoing crimes 3) Allowing users to grant safe access to homes for friends/family members. We have addressed several technical and research challenges: - developing models to detect and recognize person/activity, generating image descriptions, designing ADA compliant end-end system. In addition, we have designed a prototype smart door showcasing the proof-of-concept. The premises are expected to be equipped with cameras placed in strategic locations that facilitate monitoring the premise 24/7 to identify incoming persons and to generate image descriptions. The system generates a pre-structured message from the image description to assess incoming threats and immediately notify the users. The completeness and generalization of models have been ensured through a rigorous quantitative evaluation. The users' satisfaction and reliability of the system has been measured using PYTHEIA scale and was rated excellent (Internal Consistency-Cronbach's alpha is 0.784, Test-retest reliability is 0.939 )

Soteris Demetriou,Nan Zhang,Yeonjoon Lee,Xiaofeng Wang,Carl Gunter,Xiaoyong Zhou,Michael Grace

DOI: https://doi.org/10.48550/arXiv.1703.01537

2017-03-04

Cryptography and Security

Abstract:A new development of smart-home systems is to use mobile apps to control IoT devices across a Home Area Network (HAN). Those systems tend to rely on the Wi-Fi router to authenticate other devices; as verified in our study, IoT vendors tend to trust all devices connected to the HAN. This treatment exposes them to the attack from malicious apps, particularly those running on authorized phones, which the router does not have information to control, as confirmed in our measurement study. Mitigating this threat cannot solely rely on IoT manufacturers, which may need to change the hardware on the devices to support encryption, increasing the cost of the device, or software developers who we need to trust to implement security correctly. In this work, we present a new technique to control the communication between the IoT devices and their apps in a unified, backward-compatible way. Our approach, called Hanguard, does not require any changes to the IoT devices themselves, the IoT apps or the OS of the participating phones. Hanguard achieves a fine-grained, per-app protection through bridging the OS-level situation awareness and the router-level per-flow control: each phone runs a non-system userspace Monitor app to identify the party that attempts to access the protected IoT device and inform the router through a control plane of its access decision; the router enforces the decision on the data plane after verifying whether the phone should be allowed to talk to the device. Hanguard uses a role-based access control (RBAC) schema which leverages type enforcement (TE) and multi-category security (MCS) primitives to define highly flexible access control rules. We implemented our design over both Android and iOS (>95% of mobile OS market share) and a popular router. Our study shows that Hanguard is both efficient and effective in practice.

Shegufta Bakht Ahsan,Rui Yang,Shadi A. Noghabi,Indranil Gupta

DOI: https://doi.org/10.1145/3447786.3456261

2020-07-24

Abstract:Smart environments (homes, factories, hospitals, buildings) contain an increasing number of IoT devices, making them complex to manage. Today, in smart homes where users or triggers initiate routines (i.e., a sequence of commands), concurrent routines and device failures can cause incongruent outcomes. We describe SafeHome, a system that provides notions of atomicity and serial equivalence for smart homes. Due to the human-facing nature of smart homes, SafeHome offers a spectrum of {\it visibility models} which trade off between responsiveness vs. incongruence of the smart home state. We implemented SafeHome and performed workload-driven experiments. We find that a weak visibility model, called {\it eventual visibility}, is almost as fast as today's status quo (up to 23\% slower) and yet guarantees serially-equivalent end states.

Distributed, Parallel, and Cluster Computing

Xiao Xue,Xinyang Li,Boyang Jia,Jiachen Du,Xinyi Fu

DOI: https://doi.org/10.1145/3613904.3642866

2024-01-01

Abstract:Recent HCI research has highlighted home automation's potential in providing residents with technology-enhanced domestic autonomy. However, in the cohabitation context, the prevalent solutionist paradigm of automated systems introduces challenges to non-experts, paradoxically marginalizing specifc members. This paper reports a co-creation initiative involving cohabitants, exploring a new understanding of empowerment in home automation. Participants collaborated to construct Trigger-Action Program (TAP) schemes using card-based tools during workshops. Our fndings showcase how cohabitants engaged in collective ideations and embodied diferent negotiation patterns, which reveals the signifcance of more perceptible and participatory design. We frame home automation as "problematic co-design", arguing the universal overlook of collaborative resources. Furthermore, we examine how automation systems act as obstacles and sources of empowerment through the co-design lens. The paper concludes with pragmatic recommendations for designers and researchers, emphasizing the need to foster contestability for cohabitants in the evolving home automation landscape.

Lachlan Urquhart,Jiahong Chen

DOI: https://doi.org/10.48550/arXiv.2006.11043

IF: 6.4588

2020-06-19

Human-Computer Interaction

Abstract:This chapter introduces the Accountability Principle and its role in data protection governance. We focus on what accountability means in the context of cybersecurity management in smart homes, considering the EU General Data Protection Law requirements to secure personal data. This discussion sits against the backdrop of two key new developments in data protection law. Firstly, the law is moving into the home, due to narrowing of the so called household exemption. Concurrently, household occupants may now have legal responsibilities to comply with the GDPR, as they find themselves jointly responsible for compliance, as they are possibly held to determine the means and purposes of data collection with IoT device vendors. As a complex socio-technical space, we consider the interactions between accountability requirements and the competencies of this new class of domestic data controllers (DDCs). Specifically, we consider the value and limitations of edge-based security analytics to manage smart home cybersecurity risks, reviewing a range of prototypes and studies of their use. We also reflect on interpersonal power dynamics in the domestic setting e.g. device control; existing social practices around privacy and security management in smart homes; and usability issues that may hamper DDCs ability to rely on such solutions. We conclude by reflecting on 1) the need for collective security management in homes and 2) the increasingly complex divisions of responsibility in smart homes between device users, account holders, IoT device/software/firmware vendors, and third parties.

Shashank Kotyan,Nishant Kumar,Pankaj Kumar Sahu,Venkanna Udutalapally

DOI: https://doi.org/10.48550/arXiv.1904.10354

2019-04-26

Abstract:Today, many of the home automation systems deployed are mostly controlled by humans. This control by humans restricts the automation of home appliances to an extent. Also, most of the deployed home automation systems use the Internet of Things technology to control the appliances. In this paper, we propose a system developed using action recognition to fully automate the home appliances. We recognize the three actions of a person (sitting, standing and lying) along with the recognition of an empty room. The accuracy of the system was 90% in the real-life test experiments. With this system, we remove the human intervention in home automation systems for controlling the home appliances and at the same time we ensure the data privacy and reduce the energy consumption by efficiently and optimally using home appliances.

Human-Computer Interaction,Computer Vision and Pattern Recognition

Hang Hu,Limin Yang,Shihan Lin,Gang Wang

DOI: https://doi.org/10.48550/arXiv.2001.04520

2020-01-14

Abstract:The popularity of smart-home assistant systems such as Amazon Alexa and Google Home leads to a booming third-party application market (over 70,000 applications across the two stores). While existing works have revealed security issues in these systems, it is not well understood how to help application developers to enforce security requirements. In this paper, we perform a preliminary case study to examine the security vetting mechanisms adopted by Amazon Alexa and Google Home app stores. With a focus on the authentication mechanisms between Alexa/Google cloud and third-party application servers (i.e. endpoints), we show the current security vetting is insufficient as developer mistakes can not be effectively detected and notified. A weak authentication would allow attackers to spoof the cloud to insert/retrieve data into/from the application endpoints. We validate the attack through ethical proof-of-concept experiments. To confirm vulnerable applications have indeed passed the security vetting and entered the markets, we develop a heuristic-based searching method. We find 219 real-world Alexa endpoints that carry the vulnerability, many of which are related to critical applications that control smart home devices and electronic cars. We have notified Amazon and Google about our findings and offered our suggestions to mitigate the issue.

Cryptography and Security