Emerging Internet of Things (IoT) systems leverage connected devices to enable intelligent and automated functionalities. Despite the benefits, there exist privacy risks of network traffic, which have been studied by the previous research. However, with the current privacy inference remaining at the event-level, potential privacy risks are underestimated, which, as our study shows, can be much higher than previously reported through app-level traffic analysis. A key observation of our research is that IoT event-triggered traffic is generated by apps, which often adopt an if-trigger-then-action (trigger-action) programming paradigm. We utilize this feature to develop fingerprints to differentiate running apps and learn context-rich privacy-sensitive information from apps. In this article, we present a privacy leakage analysis called ALTA to infer running apps in smart home IoT environments. First, ALTA identifies app fingerprints through static analysis and extracts sensitive information from app descriptions and input prompts. Then, through dynamic traffic profiling, it learns traffic fingerprints of apps. Finally, ALTA matches the fingerprints of app and traffic, and thus is able to pinpoint which app is running from IoT traffic at runtime. To demonstrate the feasibility of our approach, we analyze 254 SmartThings applications via program and natural language processing (NLP) analysis. We also perform the app inference evaluation on 31 apps executed in a simulated smart home. The results suggest that ALTA can effectively infer running apps from IoT traffic and learn context-rich information (e.g., health conditions, daily routines, and user activities) from apps with high accuracy.
Read full abstract