Smart speakers and cameras have become household staples, connecting us in unprecedented ways. However, convenience comes with concerns. Commercial IoT safeguards have emerged to counter privacy and security threats, but their effectiveness remains uncertain. We present the results of our findings to the 44th IEEE Symposium on Security and Privacy (Oakland 2023).
We propose an open-source methodology, using automated experiments to evaluate how IoT safeguards detect threats. Surprisingly, these safeguards may fall short in alerting users to risks. Furthermore, their cloud interactions and data collection practices might inadvertently expose users to additional privacy risks.
We have suggested remedies, informing policy makers Italian Data Protection Authority and emphasising local traffic analysis, edge-based solutions on home gateways, and innovative approaches for mitigating privacy and security risks. Regulatory standards and guidelines for manufacturers are essential to ensure the ethical use of consumer devices.
Learn more about the PETRAS PRISM research project: