Dhananjai Bajpai (Marquette University), Keyang Yu (Marquette University)
Internet of Things (IoT) devices have been expanding rapidly and significantly improved the automation and convenience in modern smart homes. Such functionalities are supported by large amount of data collection, analysis and sharing, which may bring privacy threat to the smart home users. It is crucial to identify unauthorized traffic volume data generated by IoT device, to help user better understand the privacy threat to their IoT environment. This paper presents a cost-effective approach to monitoring data-sharing activities of household IoT devices using the Cisco OpenDNS platform. We have analyzed the Internet traffic data generated from four popular devices to identify unauthorized third-party data sharing. We have discovered that such data sharing exists in multiple types of IoT devices installed in the smart home, the Smart TVs are sharing user-specific viewing data with third parties without user’s consent, iPhone exhibits involuntary synchronization, and the IoT Plugs also show no unauthorized connection behavior. This user-specific, deployable pipeline contrasts with prior testbeddependent studies and highlights the need for transparent data governance.