Brennen Bouwmeester, Elsa Rebeca Turcios Rodríguez, Carlos H. Gañán, Michel van Eeten, and Simon Parkin, TU Delft
Many consumer Internet-of-Things (IoT) devices are, and will remain, subject to compromise, often without the owner's knowledge. Internet Service Providers (ISPs) are among the actors best-placed to coordinate the remediation of these problems. They receive infection data and can notify customers of recommended remediation actions. There is insufficient understanding of what happens in peoples' homes and businesses during attempts to remediate infected IoT devices. We coordinate with an ISP and conduct remote think-aloud observations with 17 customers who have an infected device, capturing their initial efforts to follow best-practice remediation steps. We identify real, personal consequences from wide-scale interventions which lack situated guidance for applying advice. Combining observations and thematic analysis, we synthesize the personal stories of the successes and struggles of these customers. Most participants think they were able to pinpoint the infected device; however, there were common issues such as not knowing how to comply with the recommended actions, remediations regarded as requiring excessive effort, a lack of feedback on success, and a perceived lack of support from device manufacturers. Only 4 of 17 participants were able to successfully complete all remediation steps. We provide recommendations relevant to various stakeholders, to focus where emergent interventions can be improved.
SOUPS 2021 Open Access Videos Sponsored by
Ethyca
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Brennen Bouwmeester and Elsa Rodr{\'\i}guez and Carlos Ga{\~n}{\'a}n and Michel van Eeten and Simon Parkin},
title = {"The Thing Doesn{\textquoteright}t Have a Name": Learning from Emergent {Real-World} Interventions in Smart Home Security},
booktitle = {Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)},
year = {2021},
isbn = {978-1-939133-25-0},
pages = {493--512},
url = {https://www.usenix.org/conference/soups2021/presentation/bouwmeester},
publisher = {USENIX Association},
month = aug
}