On the Safety of IoT Device Physical Interaction Control

Emerging Internet of Things (IoT) platforms provide increased functionality to enable human interaction with the physical world in an autonomous manner. The physical interaction features of IoT platforms allow IoT devices to make an impact on the physical environment. However, such features also bring new safety challenges, where attackers can leverage stealthy physical interactions to launch attacks against IoT systems. In this paper, we propose a framework called IoTMon that discovers any possible physical interactions and generates all potential interaction chains across applications in the IoT environment. IoTMon also includes an assessment of the safety risk of each discovered inter-app interaction chain based on its physical influence. To demonstrate the feasibility of our approach, we provide a proof-of-concept implementation of IoTMon and present a comprehensive system evaluation on the Samsung SmartThings platform. We study 185 official Smart-Things applications and find they can form 162 hidden inter-app interaction chains through physical surroundings. In particular, our experiment reveals that 37 interaction chains are highly risky and could be potentially exploited to impact the safety of the IoT environment.