Anaheim, CA ― USENIX ― While cutting-edge technology, such as smart devices installed in modern homes, exacerbates issues of interpersonal abuse, security experts have introduced a framework aimed at swiftly enhancing our understanding of the privacy violations stemming from internet-of-things (IoT) devices.
During the 32nd USENIX Security Symposium, researcher Sophie Stephenson from the University of Wisconsin-Madison unveiled her team’s findings. Their work, detailed in a research paper titled “Abuse Vector: A Framework for Conceptualizing IoT-Enabled Interpersonal Abuse,” delved into extensive instances of interpersonal abuse linked to IoT devices. By doing so, they constructed four comprehensive vectors that encompass various forms of abuse associated with these technological gadgets.
In 2023, the adoption of smart home devices in the United States has surged, with an estimated 63.43 million households actively utilizing these technologies. This marks a notable 10.2% increase from the previous year, as reported by Statista. However, this rapid expansion hasn’t come without its consequences. Cases of interpersonal violence stemming from the misuse of these devices have been steadily on the rise.
For instance, a concerning incident involving Amazon’s Ring smart doorbell unfolded in 2018 when a man exploited the device to secretly spy on his ex-boyfriend. Apple’s AirTag, designed as a tracking tool to locate personal belongings via Bluetooth technology, took a darker turn as it became a tool used by stalkers to track their targets, causing significant concerns in the realm of digital safety last year.
In this study, the researchers gathered data from 70,399 distinct web pages through Google Search. Queries such as “spy on wife using camera” were employed to collect relevant information. After sifting through the data to eliminate irrelevant pages, a total of 26,286 web pages were left for closer examination. Eventually, the team engaged in a qualitative analysis of 320 of these web pages. Their efforts culminated in the identification of 32 distinct types of smart devices that were being exploited to surveil or harass victims.
“Our investigation provides a comprehensive archive of IoT abuse,” detailed the research team within their paper. They went on to emphasize, “No work has empirically measured the role of different smart devices in interpersonal abuse, nor has any work attempted to systematize our understanding of IoT abuse,” shedding light on the significance of their groundbreaking work.
Drawing on factors like covertness, ownership, and functionality of the tools, the researchers constructed a comprehensive framework that delineates into four distinct categories: covert spying, unauthorized access, repurposing, and intended use. If the device operates in a covert manner, it falls under the abuse vector of covert spying. When the device is visible but manipulated by someone other than its owner, it aligns with the unauthorized access vector. Lastly, whether the device is repurposed for a secondary use or utilized according to its intended function determines whether it fits within the repurposing vector or the intended use vector.
To tackle these risks, Stephenson put forth targeted solutions for each abuse vector. For example, she recommended that manufacturers and policymakers take steps to identify concealed devices, curtail the sale of spy-oriented gadgets, and clearly label devices with dual-use potential. She also proposed making access revocation easier, enabling users to swiftly block unauthorized access as a practical remedy.
“It is our responsibility to work to mitigate IoT-enabled interpersonal abuse and make smart devices safer for everyone,” added the researchers.
