A Study of Data Store-based Home Automation

12/04/2018
by   Kaushal Kafle, et al.
0

Home automation platforms provide a new level of convenience by enabling consumers to automate various aspects of physical objects in their homes. While the convenience is beneficial, security flaws in the platforms or integrated third-party products can have serious consequences for the integrity of a user's physical environment. In this paper we perform a systematic security evaluation of two popular smart home platforms, Google's Nest platform and Philips Hue, that implement home automation "routines" (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines. This analysis results in ten key findings with serious security implications. For instance, we demonstrate the potential for the misuse of smart home routines in the Nest platform to perform a lateral privilege escalation, illustrate how Nest's product review system is ineffective at preventing multiple stages of this attack that it examines, and demonstrate how emerging platforms may fail to provide even bare-minimum security by allowing apps to arbitrarily add/remove other apps from the user's smart home. Our findings draw attention to the unique security challenges of platforms that execute routines via centralized data stores and highlight the importance of enforcing security by design in emerging home automation platforms.

READ FULL TEXT
research
09/10/2021

Towards Practical Integrity in the Smart Home with HomeEndorser

Home automation in modern smart home platforms is often facilitated usin...
research
02/08/2019

Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study

The combination of smart home platforms and automation apps introduces m...
research
01/14/2018

Tyche: Risk-Based Permissions for Smart Home Platforms

Emerging smart home platforms, which interface with a variety of physica...
research
06/29/2019

Helion: Enabling a Natural Perspective of Home Automation

Security researchers have recently discovered significant security and s...
research
10/17/2019

PFirewall: Semantics-Aware Customizable Data Flow Control for Home Automation Systems

Emerging Internet of Thing (IoT) platforms provide a convenient solution...
research
08/31/2023

Design Challenges for the Implementation of Smart Homes

Home automation for many years had faced challenges that limit its sprea...
research
12/29/2022

A Digital Twin-based Smart Home: A Proof of Concept Study

A Digital Twin is a virtual system that can fully describe a physical on...

Please sign up or login with your details

Forgot password? Click here to reset