User experiences with simulated cyber‑physical attacks on smart home IoT

Date published

2023-09-22

Free to read from

Supervisor/s

Journal Title

Journal ISSN

Volume Title

Publisher

Springer

Department

Type

Article

ISSN

1617-4909

Format

Citation

Huijts NMA, Haans A, Budimir S, et al., (2023) User experiences with simulated cyber‑physical attacks on smart home IoT, Personal and Ubiquitous Computing, Volume 27, December 2023, pp. 2243–2266

Abstract

With the Internet of Things (IoT) becoming increasingly prevalent in people’s homes, new threats to residents are emerging such as the cyber-physical attack, i.e. a cyber-attack with physical consequences. In this study, we aimed to gain insights into how people experience and respond to cyber-physical attacks to their IoT devices. We conducted a naturalistic field experiment and provided 9 Dutch and 7 UK households, totalling 18 and 13 participants respectively, with a number of smart devices for use in their home. After a period of adaptation, simulated attacks were conducted, leading to events of varying noticeability (e.g., the light going on or off once or several times). After informing people simulated attacks had occurred, the attacks were repeated one more time. User experiences were collected through interviews and analysed with thematic analyses. Four relevant themes were identified, namely (1) the awareness of and concern about privacy and security risks was rather low, (2) the simulated attacks made little impression on the participants, (3) the participants had difficulties with correctly recognizing simulated attacks, and (4) when informed about simulated attacks taking place; participants noticed more simulated attacks and presented decision rules for them (but still were not able to identify and distinguish them well—see Theme 3). The findings emphasise the need for training interventions and an intrusion detection system to increase detection of cyber-physical attacks.

Description

Software Description

Software Language

Github

Keywords

cyber-attack, IoT, smart home, thematic analysis, risk perception

DOI

Rights

Attribution 4.0 International

Relationships

Relationships

Supplements

Funder/s

European Union funding: G0H6416N-FWOOPR201600970; Engineering and Physical Sciences Research Council (EPSRC): EP/P016448/1; NWO: 651.002.002