1. ©2017CarnegieMellonUniversity:1
Are my Devices Spying on Me?
Living in a World of Ubiquitous Computing
Lakehead University
Feb 2019
Jason Hong
@jas0nh0ng
jasonh@cs.cmu.edu
Computer
Human
Interaction:
Mobility
Privacy
Security

2. ©2019CarnegieMellonUniversity:2
In the near future, our
smart devices will know
everything about us

3. ©2019CarnegieMellonUniversity:3

4. ©2019CarnegieMellonUniversity:4

5. ©2019CarnegieMellonUniversity:5
We Are Just Starting to Enter
the Third Wave of Computing
• First Wave: Computation
– Making the basics of computers work
• Second Wave: Networking
– Connecting computers around the world
• Third Wave: Ubiquitous Computing
– Also called Internet of Things (IoT)
– Computation, communication, sensing, and
actuation woven into our everyday physical world
– Possible because of faster wireless networking,
cheap sensors, better CPUs, decreasing costs

6. ©2019CarnegieMellonUniversity:6
Smartphones Give Us a Glimpse of this
Coming World
• Over 1B smartphones
sold every year
• Well over 100B apps
downloaded on each of
Android and iOS
• Incredibly intimate devices

7. ©2019CarnegieMellonUniversity:7
Smartphones are Intimate
Fun Facts about Millennials
• 83% sleep with phones

8. ©2019CarnegieMellonUniversity:8
Smartphones are Intimate
Fun Facts about Millennials
• 83% sleep with phones
• 90% check first thing in morning

9. ©2019CarnegieMellonUniversity:9
Smartphones are Intimate
Fun Facts about Millennials
• 83% sleep with phones
• 90% check first thing in morning
• 1 in 3 use in bathroom

10. ©2019CarnegieMellonUniversity:10
Smartphone Data is Intimate
Who we know
(contacts + call log)
Sensors
(accel, sound, light)
Where we go
(gps, photos)

11. ©2019CarnegieMellonUniversity:11
These Technologies Offer Many Benefits
to Society
• These devices +
artificial intelligence
technologies will allow
us to build amazing
things
– Healthcare
– Urban analytics
– Physical safety

12. ©2019CarnegieMellonUniversity:12
These Exact Same Technologies Pose
Significant Societal Challenges for Privacy

13. ©2019CarnegieMellonUniversity:13
A Personal Story About Privacy
• In my first year teaching
at Carnegie Mellon, met
students in their lab
• Didn’t know until end of
semester that I was
being broadcast on
Internet the entire
time!
– Do you see the camera?

14. ©2019CarnegieMellonUniversity:14

15. ©2019CarnegieMellonUniversity:15
Wide Range of Privacy Risks
Everyday Risks Extreme Risks
Stalkers, Hackers
_________________________________
Well-being
Personal safety
Blackmail
Employers
_________________________________
Over-monitoring
Discrimination
Reputation
Friends, Family
_________________________________
Over-protection
Social obligations
Embarrassment
Government
__________________________
Civil liberties
• It’s not just Big Brother
• It’s not just corporations
• Privacy is about our relationships with every
other individual and organization out there

16. ©2019CarnegieMellonUniversity:16
Outline for Rest of this Talk
• How do these technologies work?
– What data do devices have? Where does our data go?
– What is machine learning, and how does it work?
• Five reasons why privacy is so hard
• I want to help you make better informed decisions
• Call to action for privacy
– There is a better world we can build here
– We can only succeed through collective effort

17. ©2019CarnegieMellonUniversity:17
Let’s Go Back to Smartphones
• Smartphones are everywhere,
they have lots of sensors + data
• Trajectory of Internet of Things
will likely match smartphones
• Case: Can we use smartphones
as a sleep monitor?
– Part of larger project on detecting
depression and well-being
– Step you thru how it works

18. ©2019CarnegieMellonUniversity:18
Smartphones Have Lots of Data About You
• Sensor data
– Camera
– Proximity
– Light
– Microphone
– Location
– Accelerometer
– Gyroscope
– Magnetometer
– Temperature
– Humidity

19. ©2019CarnegieMellonUniversity:19
Smartphones Have Lots of Data About You
• Phone status
– Network
– Battery
– Screen on/off
– Plugged in (or not)

20. ©2019CarnegieMellonUniversity:20
Smartphones Have Lots of Data About You
• Personal data
– Apps installed
– What app is currently running
• Can record app usage history too
– Photos (many photos
have GPS data inside)
– SMS log
– Contacts
– Call log
– Calendar

21. ©2019CarnegieMellonUniversity:21
Accessing All of the Smartphone Data
• Really easy for apps to get all the data I showed,
only a few restrictions
– Ex. Google dislikes looking at what apps installed
– Ex. Some notifications when installing and running

22. ©2019CarnegieMellonUniversity:22
A Gap: How to Transform All of this Data
into Real World Activities?
Sensors
Accelerometer
Gyroscope
Microphone
…
Phone
Screen on / off
Plugged in (or not)
Battery life
…
Personal
Apps installed
App usage
Contacts
…
Sleep
Sleeping or not?
How well is person sleeping?
?

23. ©2019CarnegieMellonUniversity:23

24. ©2019CarnegieMellonUniversity:24
Machine Learning is Used to Make These
Kinds of Predictions
• Machine learning is one area of Artificial
Intelligence
– This is the kind that’s been getting lots of press
• The goal of machine learning is to develop
systems that can improve performance with
more experience
– Can use “example data” (like the one I
just showed you) as “experience”
– Uses these examples to discern patterns

25. ©2019CarnegieMellonUniversity:25
How Machine Learning is Typically Used
• Gather lots of data
– We paid 27 people to fill out a daily sleep diary and
install an app that would collect lots of sensor data
• Design features that characterize the data
– Ex. Get loudness from microphone once every minute
– Ex. Get light intensity once every min
– Ex. Get motion from accelerometer once every min
• Train a machine learning model on that data
– Uses statistics to look for patterns in the features
– Our model outputs “sleeping” or “not sleeping”
• Measure effectiveness of model vs original data
• Repeat until model is good enough

26. ©2019CarnegieMellonUniversity:26
Two Comments Here
More Data is Almost Always Better
• This is why Big Data is of such interest
– Easier to collect data than ever before
• Sensors, social media, web clicks, web tracking
– More data leads to better predictive models
• Can infer lots of things about human behavior

27. ©2019CarnegieMellonUniversity:27
Two Comments Here
More Data is Almost Always Better
• This is why Big Data is of such interest
– Easier to collect data than ever before
• Sensors, social media, web clicks, web tracking
– More data leads to better models of behavior
• Can infer lots of things about human behavior
– What ads are people likely to click on?
– What books to recommend to people?
– Are you pregnant or not?
– What is your personality type?
– Are you depressed or not?
– Can’t answer these 100% accuracy, but improving

28. ©2019CarnegieMellonUniversity:28
Two Comments Here
AI / Machine Learning Not As Sophisticated as in Media

29. ©2019CarnegieMellonUniversity:29

30. ©2019CarnegieMellonUniversity:30

31. ©2019CarnegieMellonUniversity:31
Two Comments Here
AI / Machine Learning Not As Sophisticated as in Media
• A lot of people outside of computer science
often ascribe human behaviors to AI systems
– Especially desires and intentions
– Works well for sci-fi, but not for today or near future
• These systems only do:
– What we program them to do
– What they are trained to do (based on the data)
• Personally, I’m far more scared of people doing
bad things with AI and badly designed systems

32. ©2019CarnegieMellonUniversity:32
Stepping Back to Internet of Things
• The fundamental tension
– IoT technologies offer potential tremendous
benefits for individuals and society
– These exact same technologies pose major
challenges for privacy
• Why is privacy so hard?
• What can we do about privacy?

33. ©2019CarnegieMellonUniversity:33
Five Reasons Why Privacy is Hard
#1 Strong Incentives to for Companies to Collect Data
• Alluded to this with Big Data
– Barriers to collecting data are also really low
– More data means better predictive models
• Data has strong potential to affect bottom line
– Increasing relevance of online ads worth millions
– “Post-purchase monetization”

34. ©2019CarnegieMellonUniversity:34
Five Reasons Why Privacy is Hard
#2 Low Knowledge, Awareness, Motivation by Devs
• Developers have low knowledge of privacy
– But even those with CS degrees have little knowledge
– In surveys and interviews, vast majority of app
developers knew little about what privacy issues
there were and how to address them

35. ©2019CarnegieMellonUniversity:35
Five Reasons Why Privacy is Hard
#2 Low Knowledge, Awareness, Motivation by Devs
• Low awareness of privacy issues in their apps
• Many developers didn’t realize how much
data their app is collecting
– Or that it was collecting data at all
• App developers often use third-party libraries
– Functionality like analytics and advertising
– We found that over 40% of apps
collect data only because of these libraries
– Some apps use several libraries, which mean
your data is being sent to lots of third parties

36. ©2019CarnegieMellonUniversity:36
Five Reasons Why Privacy is Hard
#3 Companies Get Little Pushback on Privacy
• Let’s say you want to purchase a web cam
– Go into store, can compare price, color, features
– But can’t easily compare privacy (or security)
– So, privacy does not influence customer purchases
– So, companies not incentivized to improve
• Less than 0.1% of reviews on Google Play
mention privacy concerns
• This is a market failure
– This is why companies assign privacy a low priority

37. ©2019CarnegieMellonUniversity:37
Five Reasons Why Privacy is Hard
#4 Unclear What the Right Thing To Do Is
• Even if a company wants to be privacy-sensitive,
it’s not always clear what the right thing to do is

38. ©2019CarnegieMellonUniversity:38
• New York Times privacy policy
• Still state of the art for privacy notices
• But no one reads these

39. ©2019CarnegieMellonUniversity:39
Five Reasons Why Privacy is Hard
#4 Unclear What the Right Thing To Do Is
• Even if a company wants to be privacy-sensitive,
it’s not always clear what the right thing to do is
• For developers
– What is the best way of informing people?
– What is the best way of storing data?
– How to best assess what is / isn’t acceptable?
• Business metrics are also unclear
– In board room, metrics include Lifetime Value,
Customer Acquisition Cost, Year over year growth, etc
– No real metrics for privacy today

40. ©2019CarnegieMellonUniversity:40
Five Reasons Why Privacy is Hard
#5 Burden on End-Users is Too High
• Individuals have to be constantly vigilant
– The webcam in my first class, or the AirBnb story
• Individuals also have to make too many decisions
– Is this device good with respect to privacy?
– Should I install this app?
– What are all the settings I need to know?
– What are all the terms and conditions?
– Trackers, cookies, VPNs, anonymizers, etc

41. ©2019CarnegieMellonUniversity:41
What Can We Do About Privacy?
• Privacy is not hopeless
• I don’t have all the answers
• What I hope is that my talk will serve as part of
an ongoing conversation on privacy, and will
help stir some of you to action
• Here are some suggestions…

42. ©2019CarnegieMellonUniversity:42
What Can We Do About Privacy?
• If you are a journalist…
– Learn more and report on bad actors / devices
– Many companies are responsive to bad press
• If you are a student or researcher…
– There are lots of ways you can help
– Ex. Address privacy for a specific vulnerable group
• Intimate partner violence or children
– Ex. Analyze what a device is doing (+ journalist)
– Ex. Build better tools for developers
– (Or if you teach, get students in your class to do these!)

43. ©2019CarnegieMellonUniversity:43
What Can We Do About Privacy?
• If you are a developer…
– Learn more, and advocate within your company
– Establish some privacy standards, or privacy reviews
• If you are a policy maker…
– Don’t let companies get away with “individual choice”
• Too easy to push all the work to end-users
• If you are a consumer…
– Don’t buy that cheaper “smart” TV
– Be more deliberate about purchases, do some research
– Be especially wary of devices with cameras and mics
– Give feedback to companies about privacy

44. ©2019CarnegieMellonUniversity:44
What Can We Do About Privacy?
• There is no single solution for privacy, and it will
never be “solved”
– It will be more like literacy or civil rights
– It will be something every generation will have to
• It will require a combination of market forces,
legislation, education, and new technologies
– It will be hard
– But we are still in the very early days of Internet of
Things, and we can still steer it onto a better path

45. ©2019CarnegieMellonUniversity:45
https://www.flickr.com/photos/johnivara/536856713

46. ©2019CarnegieMellonUniversity:46
https://www.flickr.com/photos/johnivara/536856713
How can we create
a connected world we
would all want to live in?

47. ©2019CarnegieMellonUniversity:47

48. ©2019CarnegieMellonUniversity:48
• “It's tough to make
predictions, especially
about the future”
– Yogi Berra

49. ©2019CarnegieMellonUniversity:49
Looking Backwards
• The Industrial Revolution led to major changes
in society
– Compulsory high school education
– Shift from rural to urban areas
– Labor unions
– Feminism
– Welfare state
• Internet of Things + Artificial Intelligence will
likely be equally disruptive to society

50. ©2019CarnegieMellonUniversity:50

51. ©2019CarnegieMellonUniversity:51
IoT Pyramid Top Tier
• A few devices per person
• High computational power
• Tablets
• Glasses
• Laptops
• Smartphones

52. ©2019CarnegieMellonUniversity:52
IoT Pyramid Top Tier
• A few devices per person
• High computational power
• Tablets
• Glasses
Middle Tier
• Tens of devices per person
• Moderate computational power
• TVs
• Smart Toys
• Laptops
• Smartphones
• Thermostats
• Refrigerators

53. ©2019CarnegieMellonUniversity:53
IoT Pyramid Top Tier
• A few devices per person
• High computational power
• Tablets
• Glasses
Middle Tier
• Tens of devices per person
• Moderate computational power
• TVs
• Smart Toys
Bottom Tier
• Hundreds of devices per person
• Low computational power
• HVAC
• RFIDs
• Lightbulbs
• Laptops
• Smartphones
• Thermostats
• Refrigerators
• Smart toilets
• Implanted
medical devices

54. ©2019CarnegieMellonUniversity:54
IoT Security Issues Top Tier Security
• Cybersecurity good today
• Can run endpoint protection
• Large corporations developing

55. ©2019CarnegieMellonUniversity:55
IoT Security Issues Top Tier Security
• Cybersecurity good today
• Can run endpoint protection
• Large corporations developing
Middle Tier Security
• Cybersecurity weak today
• Basic or no endpoint capabilities
• Spotty security protections

56. ©2019CarnegieMellonUniversity:56
IoT Security Issues Top Tier Security
• Cybersecurity good today
• Can run endpoint protection
• Large corporations developing
Middle Tier Security
• Cybersecurity weak today
• Basic or no endpoint protection
• Spotty security protections
Bottom Tier Security
• Cybersecurity very poor today
• Weak or no endpoint protection
• Low manufacturer experience
• High diversity in hw, sw, OS
• Many devices never updated
• Major scalability challenges

57. ©2019CarnegieMellonUniversity:57
How is IoT Security Different?
1. Physical Safety and Security
• Deliberate attacks
– Ex. Crashing drones or autonomous vehicles
– Note that most attackers won’t do this

58. ©2019CarnegieMellonUniversity:58
How is IoT Security Different?
1. Physical Safety and Security
• Different classes of attackers, different motives
• State-sponsored
– State secrets, intellectual property, sow discord
• Non-state actors
– Terrorism, advocacy for a cause
• Organized crime
– Repeatable business model, stay under radar
• Disgruntled employee / Insider attack
• Script kiddies

59. ©2019CarnegieMellonUniversity:59
How is IoT Security Different?
1. Physical Safety and Security
• More likely attack: Ransomware
– Lock out of your house unless pay ransom
– Make videos of you at home public unless you pay

60. ©2019CarnegieMellonUniversity:60
How is IoT Security Different?
1. Physical Safety and Security
• More likely attack: Ransomware
– Lock out of your house unless pay ransom
– Make videos of you at home public unless you pay
• Just as likely: attacks for the “lulz”
– Tripping circuit breakers at office
– Remotely adjusting thermostat to make harder sleep
(or waste money, or let pipes freeze over)
• What kinds of safeguards for physical safety?
• Can we build models of normal vs abnormal
behaviors for devices and apps, and enforce?

61. ©2019CarnegieMellonUniversity:61
How is IoT Security Different?
2. Scalability
• Billions of devices will need to be secured
– Gartner estimates 20B devices by 2020
• Scale transforms easy into hard
– Ex. Unique passwords for dozens of devices?
– Ex. Security policies, each device having different user
interface (most not having a display and keyboard)?
– Ex. Physically locking down dozens of devices?
– Ex. Installing software updates
• What kinds of network protocols, APIs, and
middleware to help manage IoT devices at scale?

62. ©2019CarnegieMellonUniversity:62
How is IoT Security Different?
2. Scalability
• Scalability also enables new classes of attacks
http://shodan.io

63. ©2019CarnegieMellonUniversity:63

64. ©2019CarnegieMellonUniversity:64
How is IoT Security Different?
2. Scalability
• Possible for attackers to search for and execute
vulnerabilities at scale
– Ex. Mirai botnet DDoS attack Oct 2016
• Nightmare scenarios
– Find vulnerabilities in smartphone-connected
blood glucose monitors, inject fake data
– Find vulnerable medical implants, hold people hostage
• Again, some kind of model or policy
– Maybe formal model, maybe big data
• Better ways of using proximity for access?

65. ©2019CarnegieMellonUniversity:65
How is IoT Security Different?
3. Diversity of IoT Devices
• Hundreds of different manufacturers for middle
and bottom tier
– Different operating systems, wireless networking,
configuration software, log formats, cloud services
– Poor or no I/O capabilities, each UI different too
• Result: fragmentation of cybersecurity
– More network-based (vs endpoint) approaches
• Again, network protocols, APIs, and middleware
to help configure and manage
• Can we also help people make good decisions?
– Ex. Crowdsourcing or AI / Machine Learning

66. ©2019CarnegieMellonUniversity:66
How is IoT Security Different?
4. Low Manufacturer Experience
• Most traditional software companies understand
basics of good cybersecurity
• But most IoT will be developed by non-traditional
hardware companies
– Mostly middle and bottom tier
– Ex. Lighting, toys, medical equipment, audio,
household appliances
• And lots of small-scale manufacturers who have
no experience with security
– Ex. Kickstarter

67. ©2019CarnegieMellonUniversity:67
153 Projects at Kickstarter for “iot”

68. ©2019CarnegieMellonUniversity:68
382 Projects at Kickstarter for “sensor”

69. ©2019CarnegieMellonUniversity:69
766 Projects at Kickstarter for “wireless”

70. ©2019CarnegieMellonUniversity:70
How is IoT Security Different?
4. Low Manufacturer Experience
• Last time I checked, only 3 of top 50 CS
programs required a cybersecurity course
• But, only half of developers have CS degrees

71. ©2019CarnegieMellonUniversity:71
How is IoT Security Different?
4. Low Manufacturer Experience
• Low experience + Lots of small manufacturers
• Result: Lots of really basic vulnerabilities
– Poor software engineering practices for security
– Lack of awareness, knowledge, motivation to be secure
• Result: Lots of unsupported devices
– Small manufacturers will go out of business
– Or end of life from bigger manufacturers
• How can we help devs with low experience?
• How to offer security for lifespan of decades?

72. ©2019CarnegieMellonUniversity:72
How is IoT Security Different?
5. Lots of Unexpected Emergent Behaviors

73. ©2019CarnegieMellonUniversity:73
• A six-year-old asked her family’s
Echo “can you play dollhouse with
me and get me a dollhouse?”
• The device complied, ordering a
KidKraft Sparkle mansion
dollhouse, in addition to “four
pounds of sugar cookies.”

74. ©2019CarnegieMellonUniversity:74
• The story ended up on a local
morning show, where the anchor
remarked “I love the little girl,
saying ‘Alexa ordered me a
dollhouse.’”

75. ©2019CarnegieMellonUniversity:75
IoT Privacy
Awareness

76. ©2019CarnegieMellonUniversity:76
How Can We Make Invisible Information
Flows Visible?
• For bottom-tier of pyramid, devices non-obvious
• CMU Mites.io platform
– Air temp, humidity, pressure, 6-axis IMU, grid eye, …
• How to increase awareness of devices like this?

77. ©2019CarnegieMellonUniversity:77
Signifiers.io
• Project by some of our Master’s of HCI students

78. ©2019CarnegieMellonUniversity:78
Signifiers.io
Amazon Alexa and Google Home (Voice)

79. ©2019CarnegieMellonUniversity:79
Signifiers.io
Smart TVs Sensing Video and Audio

80. ©2019CarnegieMellonUniversity:80
Signifiers.io
Webcams Sensing Video and Audio

81. ©2019CarnegieMellonUniversity:81
Open Challenges for IoT Privacy+Security
• Can we make it so a person can understand what
data is being sensed in a room within 30 seconds?
• Most developers know nothing about security or
privacy. How can we help average devs do better?
• Can we enable an ecosystem for privacy that shifts
burden off of end-users and onto OS, markets,
developers, third-parties, and governments?
• How can we best address the market failure of IoT
privacy and security?

82. ©2019CarnegieMellonUniversity:82
Some of Our Ongoing Work at CMU
• Devs specify purposes in apps and others check
– Ex. “This app uses contacts for advertising”
– Ex. “This app uses location for maps”
• Manufacturer Usage Descriptions
– Change default from blacklist to whitelist
– “This toaster will only contact facebook.com”
• Privacyproxy.io
– Crowd-based approach for finding personally
identifiable information (PII) used by apps
– Data that you see a lot but no one else sees
– Using this to map out who knows what about us
– Can download for Android at Google Play

83. ©2019CarnegieMellonUniversity:83
Thanks!
More info at cmuchimps.org
or email jasonh@cs.cmu.edu
Read more:
• Towards a Safe and Secure Internet of Things
https://www.newamerica.org/cybersecurity-initiative/policy-
papers/toward-a-safe-and-secure-internet-of-things/
Special thanks to:
• NSF
• Alfred P. Sloan
• NQ Mobile
• DARPA
• Google
• CMU Cylab
• New America