Being Hacked: Understanding Victims' Experiences of IoT Hacking


Asreen Rostami, RISE Research Institutes of Sweden & Stockholm University; Minna Vigren, Stockholm University; Shahid Raza, RISE Research Institutes of Sweden; Barry Brown, Stockholm University & Department of Computer Science, University of Copenhagen


From light bulbs to smart locks, IoT is increasingly embedded into our homes and lives. This opens up new vulnerabilities as IoT devices can be hacked and manipulated to cause harm or discomfort. In this paper we document users' experiences of having their IoT systems hacked through 210 self-reports from Reddit, device support forums, and Amazon review pages. These reports and the discussion around them show how uncertainty is at the heart of 'being hacked'. Hacks are sometimes difficult to detect, and users can mistake unusual IoT behaviour as evidence of a hack, yet this can still cause considerable emotional hurt and harm. In discussion, we shift from seeing hacks as technical system failings to be repaired, to seeing them as sites for care and user support. Such a shift in perspective opens a new front in designing for hacking - not just prevention but alleviating harm.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {281212,
author = {Asreen Rostami and Minna Vigren and Shahid Raza and Barry Brown},
title = {Being Hacked: Understanding Victims{\textquoteright} Experiences of {IoT} Hacking},
booktitle = {Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)},
year = {2022},
isbn = {978-1-939133-30-4},
address = {Boston, MA},
pages = {613--631},
url = {},
publisher = {USENIX Association},
month = aug,