1 of 27

Toward discovering and identifying real-world IoT devices

Danny Y. Huang

Assistant Professor

Center for Cyber Security

New York University

2 of 27

We are surrounded by IoT devices

Not just my home, but elsewhere too

3 of 27

IoTs in someone else’s home (Airbnb)

4 of 27

IoTs in my home but I have no control

5 of 27

New threat model

I may not know of or have control over an IoT device

An IoT device can be easily used by anyone

6 of 27

Overall research questions

What devices are around me?

What are these devices doing?

7 of 27

Easy to buy covert spying devices

8 of 27

Easy to buy covert spying devices

9 of 27

Characteristics of our sample of 163 potential spy devices

USENIX Security ’23

Nick Ceccio

Sophie Stephenson

Varun Chadha

Danny Yuxing Huang

Rahul Chatterjee

10 of 27

Some devices explicitly claim to catch cheating spouse

11 of 27

Advertised use cases of devices used for spying

USENIX Security ’23

12 of 27

Fing App: scan for devices on wireless network

13 of 27

Non-WiFi based detectors on the market

14 of 27

Detectors’ readings constantly fluctuate

USENIX Security ’23

15 of 27

Challenges in detecting devices

Training data

More precise techniques

Usability for non-experts

16 of 27

Crowdsourcing network fingerprints from devices

IMWUT/Ubicomp ‘20

Danny Yuxing Huang

Noah Apthorpe

Gunes Acar

Frank Li

Nick Feamster

17 of 27

User interface: device list

18 of 27

User interface: device activity

19 of 27

Large training dataset from real-world devices

63K+ Internet-connected devices across 6K users worldwide since 2019

Median running time: ~40 minutes

20 of 27

Data collected by IoT Inspector

  • Active scans (mDNS, SSDP, User Agent)
  • Passive traffic (DHCP, DNS, TLS): headers
  • User labels

21 of 27

Challenges in device identification using IoT Inspector data

Cleaning labels from users and devices

No ground truth; can only check for consistency

22 of 27

Overall research questions

What devices are around me?

What are these devices doing?

23 of 27

General challenges in discovering and locating devices

Layer

Work

Venue

Identifies devices

Locates devices

Usable

IP

IoT Inspector

IMWUT ‘20

Yes

No

Maybe

802.11

Wi-Peep

MobiCom ‘22

Maybe

yes

No

BLE

AirGuard

WiSec ‘22

AirTag only?

No

Maybe

LTE

?

?

?

?

?

24 of 27

Locating 802.11-based devices with time-of-flight

MobiCom ‘22

Ali Abedi

Deepak Vasisht

25 of 27

Emulating Apple’s UI/UX in locating 802.11-based devices

Demo: https://photos.app.goo.gl/d1MsJUJk4dQwdXa76

26 of 27

Deployment for real-world use

Usability:

Form factor: app vs hardware

Location: in situ vs dedicated center

Instructions: self-driven vs phone

One-time scan vs continuous monitoring

False positives and negatives

Taking actions

Airbnb

IPV scenarios

Working with CETA

27 of 27

Summary

Research questions:

What devices around me?

What these devices are doing?

Challenges

Training data

Precision

Usability

Ethics & safety