Smart Home or Smart Hell?: Modeling Smart Home IoT-Facilitated Abuse as a Cybersecurity Threat

Smart homes are just one application of IoT or the “Internet of Things.” As a solution to create a more automated “smart home” experience, users have the ability to control the temperature, or turn off their lights with a single command. However, smart home technology is vulnerable to unique cybersecurity and privacy issues due to the personal nature of user-device interactions. In addition, the multi-user environments in which IoT has been implemented has considerable social nuances which play a factor in interpersonal cybersecurity threats. Smart Home-IoT Facilitated Abuse (SH-IoTFA) is an alarming phenomenon of users weaponizing smart home technology as a tool to perpetrate “Intimate Partner Violence” (IPV) using the built-in, convenient features. Despite the emergence of research on SH-IoTFA, there is a need to implement greater consideration for potentially abusive affordances in the development process through an attacker-centric threat model framework. This thesis explores how Sh-IoTFA has emerged and evolved from traditional Technology- Facilitated Abuse (TFA) and demonstrates, through a thematic review of the current literature, how attacker motivations influence their relationship with a device, and in turn, transform seemingly innocuous convenience features into tools for surveillance, power exertion, and harassment. Furthermore, this thesis breaks down the relational aspect between the attacker’s motivations, the device features, and the assets at risk for a victim. Utilizing the threat scenario, the Google Nest Hub was then analyzed to identify how an abuse perpetrator may potentially misuse the device. Overall, through an integration of interdisciplinary perspectives, this research highlighted interpersonal threats as a cybersecurity concern and proposed a threat model that may reduce inadvertent harm to consumers