Internet of Things (IoT) devices are increasingly found in homes, providing useful functionality and convenience, such as smart speakers, TVs, and video doorbells. Along with their benefits come potential risks, since these devices can communicate information (audio recordings, television viewing habits, video recordings, etc.) about their users to other parties over the Internet. To help understand and mitigate these risks, in the Mon(IoT)r Lab at Northeastern University, we are developing tools for measuring the behavior of IoT devices at a scale, such as their network traffic and any other visual signals they emit.
Led by Innovation Lab Fellow, Daniel Dubois, the Mon(IoT)r Lab Testbed focuses on understanding and mitigating privacy risks for smart speakers, under the observation that these devices have the capability to transmit, and/or record audio from their environments at any time. In a previous study, we have shown, by using a variety of audio materials played back at some smart speakers in a controlled manner, that different generations of smart speakers from the four leading manufacturers record and upload conversations when they should not (i.e., when their wake word is not spoken). Learn more about our analysis of smart speakers here.
At a glance information
Mon(IoT)r Lab is a testbed for monitoring and managing experiments for IoT devices. The software is currently deployed also at Imperial College London, and a new deployments are being installed at other institutions. The purpose of this software is the following:
- Provide wired and wireless network connectivity to IoT devices and their companion devices in a controlled way.
- Automatically collect traffic from devices connected to the testbed.
- Automatically try to perform man-in-the-middle of TLS connections, depending on the TLS interception policy. For example, if the auto-exception policy is used: if interception is possible, the decrypted data is collected, if not possible, disable the man-in-the-middle for devices and destination domains that do not allow it.
- Provide an arbitrary number of different independent connectivities that guarantee no interference among them. This allows researchers to run multiple independent experiments at the same time. In our specific setup at Northeastern, we use three connectivities.
- Allow researchers to specify a different gateway for each connectivity. This allows the use of different WAN connections, including VPNs with remote locations, without having to reconfigure any IoT device.
- Automatically organize the data by device and automatically tag it by MAC Address, IP address, and a customized device name.
- Allow researchers to mark experiments with arbitrary keywords to help relate collected traffic to what caused such traffic. This simplifies the organization of experiments.
- Allow to block the traffic for specific IoT devices using DNS override technique (i.e., override the answer of the DNS service to block or redirect IoT devices connections).
- Block IP traffic by device. Use a high-level interface for filtering IP traffic of individual IoT devices without having to interact directly with the firewall.
The Mon(IoT)r Testbed is currently being used at Northeastern University, Imperial College London, and soon at other institutions. All the labs where The Mon(IoT)r Lab is deployed can be connected using a VPN to each other, making it possible to run IoT experiments with connectivity of each other lab. The milestones ahead include having our testbed deployed in as many IoT lab as possible to facilitate research about IoT behavior in international contexts.
The Mon(IoT)r Testbed and its installation manual are available for download at Github: https://github.com/djdubois/moniotr-core