Peek-a-Boo: I see your smart home activities, even encrypted!

TL;DR

This paper demonstrates that passive network traffic analysis can accurately infer user activities and device states in smart homes, even when communications are encrypted, highlighting significant privacy risks.

Contribution

It introduces a novel multi-stage machine learning attack that identifies device states and user activities from encrypted traffic, and proposes a spoofed traffic countermeasure for privacy protection.

Findings

Achieves over 90% accuracy in identifying device states and user actions

Effective attack on both encrypted and unencrypted communications across multiple protocols

Spoofed traffic significantly reduces attack success, enhancing user privacy

Abstract

A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information from the encrypted payload (i.e., sensor data) about the users and their activities, invading user privacy. With this in mind,in this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying the types of IoT devices, their states, and ongoing user activities in a cascading style by only passively sniffing the network traffic from smart home devices and sensors. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the device states and demonstrate that it provides better protection than existing solutions.