Internet-connected voice-controlled speakers, also known as smart speakers, are increasingly popular due to their convenience for everyday tasks such as asking about the weather forecast or playing music. However, such convenience comes with privacy risks: smart speakers need to constantly listen in order to activate when the “wake word” is spoken, and are known to transmit audio from their environment and record it on cloud servers. In particular, this paper focuses on the privacy risk from smart speaker misactivations, i.e., when they activate, transmit, and/or record audio from their environment when the wake word is not spoken. To enable repeatable, scalable experiments for exposing smart speakers to conversations that do not contain wake words, we turn to playing audio from popular TV shows from diverse genres. After playing two rounds of 134 hours of content from 12 TV shows near popular smart speakers in both the US and in the UK, we observed cases of 0.95 misactivations per hour, or 1.43 times for every 10,000 words spoken, with some devices having 10% of their misactivation durations lasting at least 10 seconds. We characterize the sources of such misactivations and their implications for consumers, and discuss potential mitigations.
Abstract-Wireless Low-powered Sensing Systems (WLSS) are becoming more prevalent, taking the form of Wireless Sensor/Actuator Networks, Internet of Things, Phones etc. As node and network capabilities of such systems improve, there is more motivation to push computation into the network as it saves energy, prolongs system lifetime, and enables timely responses to events or control activities. Another advantage of such edgeprocessing is that these networks can become autonomous in the sense that users can directly query the network via any node in the network and are not required to connect to gateways or retrieve data via long range communications.Dragon is a scheme that efficiently identifies nodes that can reply to user requests based on static criteria that either describes that node or its data and provides the ability to near-optimally route queries or actuation control messages to those nodes. Dragon is scalable and agile as it does not require any central point orchestrating the search. In this paper we demonstrate significant performance improvements compared with state-ofthe-art approaches in terms of numbers of messages required (up to 93% less) and its ability to scale to 100s of nodes.
Consumer Internet of ings (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. ese functionalities o en come with signi cant privacy and security risks, with notable recent largescale coordinated global a acks disrupting large service providers.us, an important rst step to address these risks is to know what IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be done by Internet service providers that only see sampled ow statistics. In particular, it is challenging for an ISP to e ciently and e ectively track and trace activity from IoT devices deployed by its millions of subscribers-all with sampled network data.In this paper, we develop and evaluate a scalable methodology to accurately detect and monitor IoT devices at subscriber lines with limited, highly sampled data in-the-wild. Our ndings indicate that millions of IoT devices are detectable and identi able within hours, both at a major ISP as well as an IXP, using passive, sparsely sampled network ow headers. Our methodology is able to detect devices from more than 77% of the studied IoT manufacturers, including popular devices such as smart speakers. While our methodology is e ective for providing network analytics, it also highlights signi cant privacy consequences.
Internet of Things (IoT) devices are increasingly found in everyday homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells. Along with their benefits come potential privacy risks, since these devices can communicate information about their users to other parties over the Internet. However, understanding these risks in depth and at scale is difficult due to heterogeneity in devices' user interfaces, protocols, and functionality.In this work, we conduct a multidimensional analysis of information exposure from 81 devices located in labs in the US and UK. Through a total of 34,586 rigorous automated and manual controlled experiments, we characterize information exposure in terms of destinations of Internet traffic, whether the contents of communication are protected by encryption, what are the IoT-device interactions that can be inferred from such content, and whether there are unexpected exposures of private and/or sensitive information (e.g., video surreptitiously transmitted by a recording device). We highlight regional differences between these results, potentially due to different privacy regulations in the US and UK. Last, we compare our controlled experiments with data gathered from an in situ user study comprising 36 participants.
Despite the prevalence of Internet of Things (IoT) devices, there is little information about the purpose and risks of the Internet traffic these devices generate, and consumers have limited options for controlling those risks. A key open question is whether one can mitigate these risks by automatically blocking some of the Internet connections from IoT devices, without rendering the devices inoperable. In this paper, we address this question by developing a rigorous methodology that relies on automated IoT-device experimentation to reveal which network connections (and the information they expose) are essential, and which are not. We further develop strategies to automatically classify network traffic destinations as either required (i.e., their traffic is essential for devices to work properly) or not, hence allowing firewall rules to block traffic sent to non-required destinations without breaking the functionality of the device. We find that indeed 16 among the 31 devices we tested have at least one blockable non-required destination, with the maximum number of blockable destinations for a device being 11. We further analyze the destination of network traffic and find that all third parties observed in our experiments are blockable, while first and support parties are neither uniformly required or non-required. Finally, we demonstrate the limitations of existing blocklists on IoT traffic, propose a set of guidelines for automatically limiting non-essential IoT traffic, and we develop a prototype system that implements these guidelines.
Abstract-The number of Internet-connected sensing and control devices is growing. Some anticipate them to number in excess of 212 billion by 2020. Inherently, these devices generate continuous data streams, many of which need to be stored and processed. Traditional approaches, whereby all data are shipped to the cloud, may not continue to be effective as cloud infrastructure may not be able to handle myriads of data streams and their associated storage and processing needs. Using cloud infrastructure alone for data processing significantly increases latency, and contributes to unnecessary energy inefficiencies, including potentially unnecessary data transmission in constrained wireless networks, and on cloud computing facilities increasingly known to be significant consumers of energy. In this paper we present a distributed platform for wireless sensor networks which allows computation to be shifted from the cloud into the network. This reduces the traffic in the sensor network, intermediate networks, and cloud infrastructure. The platform is fully distributed, allowing every node in a homogeneous network to accept continuous queries from a user, find all nodes satisfying the user's query, find an optimal node (Fermat-Weber point) in the network upon which to process the query, and provide the result to the user. Our results show that the number of required messages can be decreased up to 49% and processing latency by 42% in comparison with state-of-the-art approaches, including Innet.
Abstract-A variety of wireless networks, including applications of Wireless Sensor Networks, Internet of Things, Cyberphysical Systems, etc., increasingly pervade our homes, retail, transportation systems and manufacturing processes. Traditional approaches communicate data from all sensors to a central system, and users (humans or machines) query this central point for results, typically via the web. As the number of deployed sensors, thus generated data streams, is increasing exponentially, this traditional approach may no longer be sustainable, or desirable in some application contexts. Therefore, new approaches are required to allow users to directly interact with the network, for example requesting data directly from sensor nodes. This is difficult, as it requires every node to be capable of point-to-point routing, in addition to identifying a subset of nodes that can fulfil a user's query. This paper presents DRAGON, a platform that allows any node in the network to identify all nodes that satisfy user queries, i.e. request data from nodes, and relay the result to the user. The DRAGON platform achieves this in a fully distributed way. No central orchestration is required, network overheads are low, and latency is improved over existing comparable methods. DRAGON is evaluated on networks of various topologies and different network densities. It is compared to the state-of-the-art algorithms based on summary trees, like Innet and SENS-Join. DRAGON is shown to outperform these approaches up to 88% in terms of network traffic required, also a proxy for energy efficiency, and 84% in terms of processing delay. Note to Practitioners:Abstract-This work is motivated by the continuing deluge of constrained, wirelessly connected sensing and control devices. Networks of communicable sensors and actuators are finding increased applicability across a range of industries and application scenarios. They are often thought of as a subset of the Internet of Things. However, due to the inherent difficulty in building theses systems, technically and in terms of balancing the trade-offs between (economic) cost and performance (energy, latency, reliability, determinism), uptake has been slow. The community is relatively small, and therefore has not overcome all of the problems that present themselves considering required functionality of industrial applications. There is a need to find find new ways to interact with these devices, particularly those with heterogeneous attributes. There is also clear motivation to progress from traditional system architectures, whereby all data sensed are transmitted to centralised storage and management platform, to decentralised means of interrogation and control. This work proposes a solution to this problem, describing and evaluating a novel framework to query constrained networked devices based on two key improvements over the current art. The first is construction and management of a dynamic routing mechanism that facilitates the second; a method to store static attributes in a distributed m...
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
334 Leonard St
Brooklyn, NY 11211
Copyright © 2023 scite Inc. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.