Cybersecurity News that Matters

Cybersecurity News that Matters

When love turns into a monster: researchers shed light on IoT-enabled abuse by the intimate

by Dain Oh, Areum Hwang

Aug. 10, 2023
6:10 PM GMT+9

Anaheim, CA ― USENIX ― While cutting-edge technology, such as smart devices installed in modern homes, exacerbates issues of interpersonal abuse, security experts have introduced a framework aimed at swiftly enhancing our understanding of the privacy violations stemming from internet-of-things (IoT) devices.

During the 32nd USENIX Security Symposium, researcher Sophie Stephenson from the University of Wisconsin-Madison unveiled her team’s findings. Their work, detailed in a research paper titled “Abuse Vector: A Framework for Conceptualizing IoT-Enabled Interpersonal Abuse,” delved into extensive instances of interpersonal abuse linked to IoT devices. By doing so, they constructed four comprehensive vectors that encompass various forms of abuse associated with these technological gadgets.

Sophie Stephenson from the University of Wisconsin-Madison is delivering a presentation during the 32nd USENIX Security Symposium on Wednesday. Photo by Dain Oh, The Readable 

In 2023, the adoption of smart home devices in the United States has surged, with an estimated 63.43 million households actively utilizing these technologies. This marks a notable 10.2% increase from the previous year, as reported by Statista. However, this rapid expansion hasn’t come without its consequences. Cases of interpersonal violence stemming from the misuse of these devices have been steadily on the rise.

For instance, a concerning incident involving Amazon’s Ring smart doorbell unfolded in 2018 when a man exploited the device to secretly spy on his ex-boyfriend. Apple’s AirTag, designed as a tracking tool to locate personal belongings via Bluetooth technology, took a darker turn as it became a tool used by stalkers to track their targets, causing significant concerns in the realm of digital safety last year.

In this study, the researchers gathered data from 70,399 distinct web pages through Google Search. Queries such as “spy on wife using camera” were employed to collect relevant information. After sifting through the data to eliminate irrelevant pages, a total of 26,286 web pages were left for closer examination. Eventually, the team engaged in a qualitative analysis of 320 of these web pages. Their efforts culminated in the identification of 32 distinct types of smart devices that were being exploited to surveil or harass victims.

“Our investigation provides a comprehensive archive of IoT abuse,” detailed the research team within their paper. They went on to emphasize, “No work has empirically measured the role of different smart devices in interpersonal abuse, nor has any work attempted to systematize our understanding of IoT abuse,” shedding light on the significance of their groundbreaking work.

Source: Abuse Vector: A Framework for Conceptualizing IoT-Enabled Interpersonal Abuse

Drawing on factors like covertness, ownership, and functionality of the tools, the researchers constructed a comprehensive framework that delineates into four distinct categories: covert spying, unauthorized access, repurposing, and intended use. If the device operates in a covert manner, it falls under the abuse vector of covert spying. When the device is visible but manipulated by someone other than its owner, it aligns with the unauthorized access vector. Lastly, whether the device is repurposed for a secondary use or utilized according to its intended function determines whether it fits within the repurposing vector or the intended use vector.

To tackle these risks, Stephenson put forth targeted solutions for each abuse vector. For example, she recommended that manufacturers and policymakers take steps to identify concealed devices, curtail the sale of spy-oriented gadgets, and clearly label devices with dual-use potential. She also proposed making access revocation easier, enabling users to swiftly block unauthorized access as a practical remedy.

“It is our responsibility to work to mitigate IoT-enabled interpersonal abuse and make smart devices safer for everyone,” added the researchers.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...

    View all posts
  • Areum Hwang
Authors: ,
Stay Ahead with The Readable's Cybersecurity Insights