Track: Smart devices

Part of:
9:30 AM, Wednesday 15 Jul 2020 EDT (1 hour 15 minutes)

To view the live presentation for this track, simply click on the red “Join on YouTube” button above. If you cannot see this button, make sure you are logged in (see the upper-right corner of your screen).

Session Chair: Florian Schaub

  • When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers

    Daniel J. Dubois (Northeastern University), Roman Kolcun (Imperial College London), Anna Maria Mandalari (Imperial College London), Muhammad Talha Paracha (Northeastern University), David Choffnes (Northeastern University), and Hamed Haddadi (Imperial College London)

    Pre-recorded presentation

    SummaryInternet-connected voice-controlled speakers, also known as smart speakers, are increasingly popular due to their convenience for everyday tasks such as asking about the weather forecast or playing music. However, such convenience comes with privacy risks: smart speakers need to constantly listen in order to activate when the “wake word” is spoken, and are known to transmit audio from their environment and record it on cloud servers. In particular, this paper focuses on the privacy risk from smart speaker misactivations, i.e., when they activate, transmit, and/or record audio from their environment when the wake word is not spoken. To enable repeatable, scalable experiments for exposing smart speakers to conversations that do not contain wake words, we turn to playing audio from popular TV shows from diverse genres. After playing two rounds of 134 hours of content from 12 TV shows near popular smart speakers in both the US and in the UK, we observed cases of 0.95 misactivations per hour, or 1.43 times for every 10,000 words spoken, with some devices having 10% of their misactivation durations lasting at least 10 seconds. We characterize the sources of such misactivations and their implications for consumers, and discuss potential mitigations.

  • Listen Only When Spoken To: Interpersonal Communication Cues as Smart Speaker Privacy Controls

    Abraham H. Mhaidli (University of Michigan), Manikandan Venkatesh (University of Michigan), Yixin Zou (University of Michigan), and Florian Schaub (University of Michigan)

    Pre-recorded presentation

    SummaryInternet of Things and smart home technologies pose challenges for providing effective privacy controls to users, as smart devices lack both traditional screens and input interfaces. We investigate the potential for leveraging interpersonal communication cues as privacy controls in the IoT context, in particular for smart speakers. We propose privacy controls based on two kinds of interpersonal communication cues – gaze direction and voice volume level – that only selectively activate a smart speaker’s microphone or voice recognition when the device is being addressed, in order to avoid constant listening and speech recognition by the smart speaker microphones and reduce false device activation. We implement these privacy controls in a smart speaker prototype and assess their feasibility, usability and user perception in two lab studies. We find that privacy controls based on interpersonal communication cues are practical, do not impair the smart speaker’s functionality, and can be easily used by users to selectively mute the microphone. Based on our findings, we discuss insights regarding the use of interpersonal cues as privacy controls for smart speakers and other IoT devices.

  • Energy-Efficient Dummy Traffic Generation for Home Automation Systems

    Frederik Möllers (Saarland University)

    Pre-recorded presentation

    SummaryHome and Building Automation Systems are becoming more and more popular these days. While they increase the comfort of living, they may also leak private information such as user presence to passive observers. In this paper we investigate approaches for the generation of dummy traffic in Home Automation Systems (HASs). We discuss fundamental requirements and their impact as well as two concrete dummy traffic generation algorithms. We measure the impact of Constant Rate Dummy Traffic (CRDT) on the responsiveness and energy efficiency of Home Automation Systems. As an alternative, we present the Naive Exponential Dummies (NED) generation scheme in which the balance between privacy guarantees and energy efficiency can be arbitrarily moved. We formally prove its privacy guarantees and evaluate it against realistic sample data.

Who's Attending 

  • 24 anonymous people