UChicago Research Finds External Attackers Can Use IoT Devices as Motion Sensors

As connected Internet of Things (IoT) devices such as voice assistants, security cameras, and smart appliances grow in popularity, the homes and offices where they are installed become increasingly filled with a dense web of wi-fi signals. A new study from University of Chicago and University of California, Santa Barbara researchers finds that external attackers can use inexpensive technology to turn these ambient signals into motion detectors, monitoring activity inside a building without being detected themselves.

With only a small, commercially available wi-fi receiver, an attacker from outside the target site can measure the strength of signals emitted from connected devices and monitor a site remotely for motion, sensing whether a room is occupied or not. The research, led by UChicago CS Professors Heather Zheng and Ben Zhao and accepted for the Network and Distributed Systems Security (NDSS) symposium in February, reveals the technique of these attacks as well as potential defenses.

“It's what we call a silent surveillance attack,” said Zheng, a Neubauer Professor of Computer Science at the University of Chicago and expert on networking, security, and wireless technologies. “It's not just about privacy, it’s more about physical security protection. By just listening to existing wi-fi signals, someone will be able to see through the wall and detect whether there's activity or where there's a human, even without knowing the location of the devices. They can essentially do a monitoring surveillance of many locations. That’s very dangerous.”

The research builds upon earlier findings that exposed the ability to “see through walls” using wi-fi signals. However, previous methods detected indoor activity by sending signals into the building and measuring how they are reflected back to a receiver, a method that would be easy to detect and defend against. The new approach requires only “passive listening” to a building’s existing wi-fi signals, does not need to transmit any signals or break encryption, and grows more accurate when more IoT devices are present, raising significant security concerns.

“The worrisome thing here is that the attacker has minimal cost, can stay silent without emitting any signal, and still be able to get information about you,” Zheng said.

Connected devices typically do not communicate with the internet directly, but do so by regularly transmitting signals to an access point, a hardware device such as a router. When a person walks nearby either device in this conversation, it changes the signal subtly, such that the perturbation can be detected by a nearby receiver “sniffing” the signal. That’s enough information for an observer to know if a person (or large animal, the researchers add) is in the room, with very high accuracy.

Because most building materials do not block the propagation of wi-fi signals, the receiver does not even need to be in the same room or building as the access point or connected devices to pick up these changes. These wi-fi sniffers are available off the shelf and inexpensive, typically less than twenty dollars. They’re also small and unintrusive, easy to hide near target locations, and passive — sending no signal that could be detected by the target. 

The researchers also suggested different methods to block this surveillance technique. One protection would be to insulate buildings against wi-fi leakage; however, this would also prevent desirable signals, such as from cellular towers, from entering. Instead, they propose a simple technical method where access points emit a “cover signal” that mixes with signals from connected IoT devices, producing false data that would confuse anyone sniffing for wi-fi signatures of motion. 

“What the hacker will see is that there's always people around, so essentially you are creating noise, and they can’t tell whether there is an actual person there or not,” Zheng said. “You can think about it as a privacy button on your access point; you click it on and sacrifice a little bit of the bandwidth, but it protects your privacy.”

Zheng hopes that router manufacturers will consider introducing this privacy feature in future models; some of those firms have announced new features that use a similar method for motion detection, marketed as a home security benefit. The UChicago research has already received attention from Technology Review, Business Insider, and other tech publications, raising awareness of this new vulnerability. 

The study also reflects a growing research area in the Department of Computer Science, examining issues around increasingly prevalent connected “Internet of Things” (IoT) devices. The IoT Security and Privacy Group, which includes Zhao and Zheng and additional faculty members including Nick Feamster, Blase Ur, and Marshini Chetty, will investigate both the benefits and potential vulnerabilities of these technologies, and a new IoT Lab in the Center for Data and Computing provides devices for researchers and students to hack and study for research.

The paper, “Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors,” also includes co-authors Zhujun Xiao, Max Liu, and Yuxin Chen of UChicago CS, as well as Yanzi Zhu and Zhijing Li of UCSB. All authors are members of the SAND (Systems, Algorithms, Networking and Data) Lab at UChicago.

Related News

More UChicago CS stories from this research area.
UChicago CS News

UChicago Hosts NSF Workshop on Frontiers of Quantum Advantage

Aug 15, 2022
UChicago CS News

New 2022-23 CS Faculty Add Expertise in Linguistics, Visualization, Economics, and Data Science Education

Aug 11, 2022
In the News

UChicago Co-Leads $10 Million NSF Institute on Foundations of Data Science

Aug 09, 2022
UChicago CS News

UChicago CS Faculty Receive Industry Grants From J.P. Morgan, Google

Jul 19, 2022
In the News

Bill Fefferman Comments on New Standards for Quantum-Proof Cryptography

Jul 07, 2022
UChicago CS News

UChicago London Colloquium Features Data Science, Quantum Research

Jul 01, 2022
Video

Is it Ethical to Use Facial Imaging in Decision-Making?

Jun 28, 2022
UChicago CS News

Single Sign-On Migration for Chameleon Project Receives PEARC Best Paper Award

Jun 27, 2022
UChicago CS News

EPiQC Post-Doc Pens Op-Ed on Potential of Quantum Computing for Chemistry

Jun 24, 2022
UChicago CS News

Faculty Bill Fefferman and Chenhao Tan Receive Google Research Scholar Awards

Jun 21, 2022
UChicago CS News

Prof. Yanjing Li Receives Under-40 Innovators Award from DAC

Jun 15, 2022
UChicago CS News

UChicago CS Chair Michael Franklin Part of SIGMOD Award-Winning Team

Jun 15, 2022
arrow-down-largearrow-left-largearrow-right-large-greyarrow-right-large-yellowarrow-right-largearrow-right-smallbutton-arrowclosedocumentfacebookfacet-arrow-down-whitefacet-arrow-downPage 1CheckedCheckedicon-apple-t5backgroundLayer 1icon-google-t5icon-office365-t5icon-outlook-t5backgroundLayer 1icon-outlookcom-t5backgroundLayer 1icon-yahoo-t5backgroundLayer 1internal-yellowinternalintranetlinkedinlinkoutpauseplaypresentationsearch-bluesearchshareslider-arrow-nextslider-arrow-prevtwittervideoyoutube