An official website of the United States government
When a consumer is finished using an electronic device (End-of- First-Use), they might recycle, resell, donate/give away, trade-in or throw it in the trash. There are security threats if a hostile party obtains the device and extracts data. Data wiping at End- of-First-Use is thus an important security behavior, one that has received scant analytical attention. To explore consumer behavior and reasoning behind data wiping practices, we undertake a survey of the U.S. population. One key result is that 31% of the population did not wipe data when dispositioning a device. When asked why not, 44% replied that they did not find data wiping important or that it did not occur to them. 33% replied the device was broken and data could not be wiped, 12% reported difficulty in wiping and 11% could not find a way to wipe. The 44% who thought data wiping was not important showed lower awareness of the security threat, 23% had heard that data can be recovered from discarded devices, versus 44% for the general population. The most prevalent device types for which data wiping was reported as unimportant are smart TVs, kitchen appliances, streaming, and gaming devices, suggesting that consumers may not be aware that private information is being stored on these devices. To inform future interventions that aim to raise awareness, we queried respondents where they obtained security knowledge. 47% replied that they learned about security threats from a single venue; social media was this single venue 43% of the time. This suggests that social media is a key channel for security education
more »
« less
Characterizing Everyday Misuse of Smart Home Devices
Exploration of Internet of Things (IoT) security often focuses on threats posed by external and technically-skilled attackers. While it is important to understand these most extreme cases, it is equally important to understand the most likely risks of harm posed by smart device ownership. In this paper, we explore how smart devices are misused – used without permission in a manner that causes harm – by device owners’ everyday associates such as friends, family, and romantic partners. In a preliminary characterization survey (n = 100), we broadly capture the kinds of unauthorized use and misuse incidents participants have experienced or engaged in. Then, in a prevalence survey (n = 483), we assess the prevalence of these incidents in a demographically-representative population. Our findings show that unauthorized use of smart devices is widespread (experienced by 43% of participants), and that misuse is also common (experienced by at least 19% of participants). However, highly individual factors determine whether these unauthorized use events constitute misuse. Through a focus on everyday abuses rather than severe-but-unlikely attacks, this work sheds light on the most prevalent security and privacy threats faced by smart homeowners today.
more »
« less
- Award ID(s):
- 1955805
- PAR ID:
- 10430386
- Date Published:
- Journal Name:
- Proceedings of the IEEE Symposium on Security and Privacy
- ISSN:
- 1063-9578
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Household smart devices – internet-connected thermostats, lights, door locks, and more – have increased greatly in popularity. These devices provide convenience, yet can introduce issues related to safety, security, and usability. To better understand device owners’ recent negative experiences with widely deployed smart devices and how those experiences impact the ability to provide a safe environment for users, we conducted an online, survey-based study of 72 participants who have smart devices in their own home. Participants reported struggling to diagnose and recover from power outages and network failures, misattributing some events to hacking. For devices featuring built-in learning, participants reported difficulty avoiding false alarms, communicating complex schedules, and resolving conflicting preferences. Finally, while many smart devices support end-user programming, participants reported fears of breaking the system by writing their own programs. To address these negative experiences, we propose a research agenda for improving the transparency of smart devices.more » « less
-
This report will discuss and analyze the risks and challenges associated with smart home devices, focusing on vulnerabilities in commonly used products such as smart speakers, security cameras, thermostats, and lighting systems. As the adoption of smart home security grows globally, it has become clear that many users remain unaware of the associated security risks, leading to data breaches and potential privacy violations. This research evaluates the security features of these devices, the frequency of breaches, and common vulnerabilities. Using a mixed-methods approach—including a user survey, analysis of past cybersecurity incidents, and a detailed review of existing literature—this study assesses the current state of smart home device security. The findings aim to highlight gaps in user awareness, evaluate manufacturers’ protective measures, and provide recommendations for improving cybersecurity practices in smart home environments.more » « less
-
Wearable devices are a popular class of portable ubiquitous technology. These devices are available in a variety of forms, ranging from smart glasses to smart rings. The fact that smart wearable devices are attached to the body makes them particularly suitable to be integrated into people’s daily lives. Thus, we propose that wearables can be particularly useful to help people make sense of different kinds of information and situations in the course of their everyday activities, in other words, to help support learning in everyday life. Further, different forms of wearables have different affordances leading to varying perceptions and preferences, depending on the purpose and context of use. While there is research on wearable use in the learning context, it is mostly limited to specific settings and usually only explores wearable use for a specific task. This paper presents an online survey with 70 participants conducted to understand users’ preferences and perceptions of how wearables may be used to support learning in their everyday life. Multiple ways of use of wearable for learning were proposed. Asking for information was the most common learning-oriented use. The smartwatch/wristband, followed by the smart glasses, was the most preferred wearable form factor to support learning. Our survey results also showed that the choice of wearable type to use for learning is associated with prior wearable experience and that perceived social influence of wearables decreases significantly with gain in the experience with a fitness tracker. Overall, our study indicates that wearable devices have untapped potential to be used for learning in daily life and different form factors are perceived to afford different functions and used for different purposes.more » « less
-
We conducted 26 co-design interviews with 50 smarthome device owners to understand the perceived benefits, drawbacks, and design considerations for developing a smarthome system that facilitates co-monitoring with emergency contacts who live outside of one’s home. Participants felt that such a system would help ensure their personal safety, safeguard from material loss, and give them peace of mind by ensuring quick response and verifying potential threats. However, they also expressed concerns regarding privacy, overburdening others, and other potential threats, such as unauthorized access and security breaches. To alleviate these concerns, participants designed flexible and granular access control and fail-safe back-up features. Our study reveals why peer-based co-monitoring of smarthomes for emergencies may be beneficial but also difficult to implement. Based on the insights gained from our study, we provide recommendations for designing technologies that facilitate such co-monitoring while mitigating its risks.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/SP46215.2023.10179476
