“The thing doesn't have a name”: Learning from emergent real-world interventions in smart home security

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

1 Downloads (Pure)

Abstract

Many consumer Internet-of-Things (IoT) devices are, and will remain, subject to compromise, often without the owner's knowledge. Internet Service Providers (ISPs) are among the actors best-placed to coordinate the remediation of these problems. They receive infection data and can notify customers of recommended remediation actions. There is insufficient understanding of what happens in peoples' homes and businesses during attempts to remediate infected IoT devices. We coordinate with an ISP and conduct remote think-aloud observations with 17 customers who have an infected device, capturing their initial efforts to follow best-practice remediation steps. We identify real, personal consequences from wide-scale interventions which lack situated guidance for applying advice. Combining observations and thematic analysis, we synthesize the personal stories of the successes and struggles of these customers. Most participants think they were able to pinpoint the infected device; however, there were common issues such as not knowing how to comply with the recommended actions, remediations regarded as requiring excessive effort, a lack of feedback on success, and a perceived lack of support from device manufacturers. Only 4 of 17 participants were able to successfully complete all remediation steps. We provide recommendations relevant to various stakeholders, to focus where emergent interventions can be improved.
Original languageEnglish
Title of host publicationProceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021
PublisherUSENIX Association
Pages493-512
Number of pages20
ISBN (Electronic)9781939133250
Publication statusPublished - 2021
Event17th Symposium on Usable Privacy and Security, SOUPS 2021 - Virtual, Online
Duration: 9 Aug 202110 Aug 2021

Publication series

NameProceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021

Conference

Conference17th Symposium on Usable Privacy and Security, SOUPS 2021
CityVirtual, Online
Period9/08/2110/08/21

Fingerprint

Dive into the research topics of '“The thing doesn't have a name”: Learning from emergent real-world interventions in smart home security'. Together they form a unique fingerprint.

Cite this