Noisy Networks, Nosy Neighbors: Simple Privacy Attacks Against Residential Wireless Traffic

TL;DR

This study shows that even casual neighbors with minimal tools can infer detailed private information from smart home wireless traffic, highlighting significant privacy risks.

Contribution

It demonstrates that simple, low-resource adversaries can successfully perform sophisticated privacy attacks on smart home networks without advanced expertise.

Findings

Casual attackers can identify devices and user states.

They can track smartphone movements through walls.

They can extract detailed daily routines including sleep patterns.

Abstract

Smart devices, such as light bulbs, TVs, fridges, etc., equipped with computing capabilities and wireless communication, are part of everyday life in many households. Previous work has already shown that a passive eavesdropper can derive private information, household routines, etc., from the network traffic of smart devices. However, existing attacks rely on capable adversaries with specialized machine learning expertise, labeled training data and reference devices, leaving it unclear how vulnerable ordinary households are to less sophisticated attackers. In this paper, we investigate the extent to which a ,,casual attacker'' with straightforward IT skills and no specialized cybersecurity or ML tooling can reproduce such privacy attacks. Operating from an adjacent room in a real-world apartment building, we constrain our adversary to use only three off-the-shelf Raspberry Pis, Wireshark, and basic Python scripts. Through a three-week study, we demonstrate that this casual attacker can manually identify devices, recognize user states, track smartphone movements through walls via RSSI triangulation, and successfully extract detailed daily routines, including sleep patterns of guests. Our findings show that smart-home privacy leakage is a threat even from low-resourced, straightforward adversaries, e.g., neighbors.