A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information about the users and their activities, invading user privacy. With this in mind, in this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying particular types of IoT devices, their actions, states, and ongoing user activities in a cascading style by only observing passively the wireless traffic from smart home devices. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the network traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. In contrast to earlier straightforward approaches, our multi-stage privacy attack can perform activity detection and identification automatically without extensive background knowledge or specifications of the analyzed protocols. This allows an adversary to efficiently aggregate extensive behavior profiles of targeted users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed network traffic to hide the real activities of the devices. We also demonstrate that the provided solution provides better protection than existing solutions.
View on arXiv