Currently, the ZigBee protocol is widely used in smart homes and provides convenience to people. However, smart home devices often carry a large amount of real physical world information, which may result in information leakage problems. In this paper, to reveal the privacy security issues existing in ZigBee-based smart home networks, we design a smart home privacy analysis system based on ZigBee-encrypted traffic, called ZPA. ZPA can extract ZigBee data features based on the device’s operating mode and time window and use state-of-the-art machine-learning models to identify the type and status of smart home devices that could leak users’ private information. Through the analysis of 20 different devices from 5 manufacturers, the results show that even if the ZigBee traffic is protected by encryption, the accuracy of the proposed method in device type identification and state inference can reach approximately 93% and 98%, respectively. The types and statuses of devices in smart homes will reveal the user’s activity information to a certain extent. The privacy security of ZigBee-based smart devices still needs to be further strengthened.
Read full abstract