Abstract
With the Internet of Things (IoT) becoming increasingly prevalent in people’s homes, new threats to residents are emerging such as the cyber-physical attack, i.e. a cyber-attack with physical consequences. In this study, we aimed to gain insights into how people experience and respond to cyber-physical attacks to their IoT devices. We conducted a naturalistic field experiment and provided 9 Dutch and 7 UK households, totalling 18 and 13 participants respectively, with a number of smart devices for use in their home. After a period of adaptation, simulated attacks were conducted, leading to events of varying noticeability (e.g., the light going on or off once or several times). After informing people simulated attacks had occurred, the attacks were repeated one more time. User experiences were collected through interviews and analysed with thematic analyses. Four relevant themes were identified, namely (1) the awareness of and concern about privacy and security risks was rather low, (2) the simulated attacks made little impression on the participants, (3) the participants had difficulties with correctly recognizing simulated attacks, and (4) when informed about simulated attacks taking place; participants noticed more simulated attacks and presented decision rules for them (but still were not able to identify and distinguish them well—see Theme 3). The findings emphasise the need for training interventions and an intrusion detection system to increase detection of cyber-physical attacks.
Original language | English |
---|---|
Pages (from-to) | 2243-2266 |
Number of pages | 24 |
Journal | Personal and Ubiquitous Computing |
Volume | 27 |
Issue number | 6 |
Early online date | 22 Sept 2023 |
DOIs | |
Publication status | Published - Dec 2023 |
Funding
This study is part of the research project ‘Emotion Psychology Meets Cyber Security in IoT Smart Homes (Cocoon)’, funded by EU FP7 CHIST-ERA funding scheme (European Coordinated Research on Long-term Challenges in Information and Communication Sciences & Technologies ERA-NET) corresponding to grants FWO project G0H6416N-FWOOPR2016009701, EPSRC EP/P016448/1, and NWO project 651.002.002. We thank Martin Boschman and Aart van der Spank for their technical support.
Funders | Funder number |
---|---|
European Commission | |
Nederlandse Organisatie voor Wetenschappelijk Onderzoek | 651.002.002 |
Seventh Framework Programme | G0H6416N-FWOOPR2016009701 |
Keywords
- Cyber-attack
- IoT
- Risk perception
- Smart home
- Thematic analysis