Paper Review: Security Analysis of Emerging Smart Home Applications

This is a paper review for: Fernandes, Earlence, Jaeyeon Jung, and Atul Prakash. "Security analysis of emerging smart home applications." 2016 IEEE symposium on security and privacy (SP). IEEE, 2016.

Summary

Several Smart home programming frameworks support third-party app development. These frameworks expose users to security risks. The authors of this paper presented an empirical study on SmartThings. They picked SmartThings since it has the most significant number of apps and has native support for device types of major manufacturers. The authors discovered security-critical design issues in SmartThings' capability model by revealing that the majority of apps in the framework's store are overprivileged. Besides that, the authors found that events that deal with SmartThings' event subsystem, which devices use to communicate with apps, hold sensitive information. The authors were able to prove these security flaws in real-life scenarios by stealing pin codes and causing fake fire alarms without the need to keep the required permissions to perform these actions.

Things I liked

Things I did not like:

Further research

Analyzing security threats that causes different types of attacks like Mirai

;