User experiences with simulated cyber-physical attacks on smart home IoT

N.M.A. Huijts (Corresponding author), A. Haans, S. Budimir, J.R.J. Fontaine, G. Loukas, A. Bezemskij, A. Oostveen, A. Filippoupolitis, I. Ras, W.A. IJsselsteijn, E.B. Roesch

Research output: Contribution to journalArticleAcademicpeer-review

3 Citations (Scopus)
22 Downloads (Pure)

Abstract

With the Internet of Things (IoT) becoming increasingly prevalent in people’s homes, new threats to residents are emerging such as the cyber-physical attack, i.e. a cyber-attack with physical consequences. In this study, we aimed to gain insights into how people experience and respond to cyber-physical attacks to their IoT devices. We conducted a naturalistic field experiment and provided 9 Dutch and 7 UK households, totalling 18 and 13 participants respectively, with a number of smart devices for use in their home. After a period of adaptation, simulated attacks were conducted, leading to events of varying noticeability (e.g., the light going on or off once or several times). After informing people simulated attacks had occurred, the attacks were repeated one more time. User experiences were collected through interviews and analysed with thematic analyses. Four relevant themes were identified, namely (1) the awareness of and concern about privacy and security risks was rather low, (2) the simulated attacks made little impression on the participants, (3) the participants had difficulties with correctly recognizing simulated attacks, and (4) when informed about simulated attacks taking place; participants noticed more simulated attacks and presented decision rules for them (but still were not able to identify and distinguish them well—see Theme 3). The findings emphasise the need for training interventions and an intrusion detection system to increase detection of cyber-physical attacks.

Original languageEnglish
Pages (from-to)2243-2266
Number of pages24
JournalPersonal and Ubiquitous Computing
Volume27
Issue number6
Early online date22 Sept 2023
DOIs
Publication statusPublished - Dec 2023

Funding

This study is part of the research project ‘Emotion Psychology Meets Cyber Security in IoT Smart Homes (Cocoon)’, funded by EU FP7 CHIST-ERA funding scheme (European Coordinated Research on Long-term Challenges in Information and Communication Sciences & Technologies ERA-NET) corresponding to grants FWO project G0H6416N-FWOOPR2016009701, EPSRC EP/P016448/1, and NWO project 651.002.002. We thank Martin Boschman and Aart van der Spank for their technical support.

FundersFunder number
European Commission
Nederlandse Organisatie voor Wetenschappelijk Onderzoek651.002.002
Seventh Framework ProgrammeG0H6416N-FWOOPR2016009701

    Keywords

    • Cyber-attack
    • IoT
    • Risk perception
    • Smart home
    • Thematic analysis

    Fingerprint

    Dive into the research topics of 'User experiences with simulated cyber-physical attacks on smart home IoT'. Together they form a unique fingerprint.

    Cite this