38C3 Community Stages

Aniketh Girish

Aniketh is a PhD student at the IMDEA Networks Institute and University Carlos III de Madrid (UC3M), Spain. His research focuses on measuring the prevalence of side-channel privacy and security risks in smart home and mobile ecosystems. Prior to his current role at IMDEA, Aniketh earned his Master's in Cybersecurity and Bachelor's in Technology (B.Tech) from UC3M and Amrita Vishwa Vidyapeetham, India, respectively. Aniketh has collaborated with leading research labs, including the Cybersecurity and Privacy Institute at Northeastern University, USA, Rochester Institute of Technology, USA, and industry labs like IIJ Innovation Institute (IIJ-II), Tokyo. Aniketh's research has been recognized at top-tier international peer-reviewed conferences such as USENIX Security and ACM IMC. His contributions have been acknowledged by European Data Protection Agencies and industry leaders, influencing policy changes and security enhancements in IoT and Android platforms. Media outlets like WIRED, CBS, El Correo and El Pais have featured his work.


Session

12-30
17:00
40min
In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes
Aniketh Girish

The network communication between Internet of Things (IoT) devices on the same local network has significant implications for platform and device interoperability, security, privacy, and correctness. Yet, the analysis of local home Wi-Fi network traffic and its associated security and privacy threats have been largely ignored by prior literature, which typically focuses on studying the communication between IoT devices and cloud end-points, or detecting vulnerable IoT devices exposed to the Internet. In this paper, we present a comprehensive and empirical measurement study to shed light on the local communication within a smart home deployment and its threats. We use a unique combination of passive network traffic captures, protocol honeypots, dynamic mobile app analysis, and crowdsourced IoT data from participants to identify and analyze a wide range of device activities on the local network. We then analyze these datasets to characterize local network protocols and the security and privacy threats associated with them. Our analysis reveals vulnerable devices, insecure use of network protocols, and sensitive data exposure by IoT devices. We provide evidence of how this information is exfiltrated to remote servers by mobile apps and third-party SDKs, potentially for household fingerprinting, surveillance and cross-device tracking. We make our datasets and analysis publicly available to support further research in this area.

Privacy, Anonymity & Decentralisation
Stage YELL