Overview
Explore a comprehensive security analysis of emerging smart home programming frameworks in this 20-minute IEEE conference talk. Delve into the potential security risks associated with third-party app development for smart home platforms, focusing on Samsung's SmartThings ecosystem. Discover the findings from a static source code analysis of 499 SmartApps and 132 device handlers, revealing significant design flaws and overprivilege issues. Learn about four proof-of-concept attacks that exploit these vulnerabilities, including planting and stealing door lock codes, disabling vacation mode, and triggering false alarms. Gain valuable insights into the security implications of smart home technologies and understand the lessons learned for designing more secure smart home programming frameworks in the future.
Syllabus
Security Analysis of Emerging Smart Home Applications
Taught by
IEEE Symposium on Security and Privacy