Kieron Ivy Turk and Alice Hutchings, University of Cambridge
Internet of Things (IoT) devices are internet-connected household devices that make homes "smarter". They can be used maliciously for unintended purposes, including for intimate partner abuse. While abuse is a known issue, there is a lack of understanding of how abusers discover malicious uses. We run an exploration-based "abusability" study to understand how people learn to use IoT devices maliciously, and which abuses are most easily discoverable. We found that users with a variety of levels of technical expertise all focused on non-technical attacks, and identified the common features that enable these abuses. We identified access control and logging as two features which require redesigns to better protect against domestic abuse, and discuss the trade-offs of alternative designs. Finally, we propose an updated "Functionality-Enabled" adversary model for technology-facilitated domestic abuse.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Kieron Ivy Turk and Alice Hutchings},
title = {{Spy-oT}: Understanding How Users Learn to Use Internet of Things Devices For Abusive Purposes},
booktitle = {Twenty-First Symposium on Usable Privacy and Security (SOUPS 2025)},
year = {2025},
isbn = {978-1-939133-51-9},
address = {Seattle, WA},
pages = {185--203},
url = {https://www.usenix.org/conference/soups2025/presentation/turk},
publisher = {USENIX Association},
month = aug
}
