Information security involves more than just malware. Leaks of sensitive personal information can often occur through IoT devices hidden in unfamiliar environments. These devices, including tiny cameras, microphones, and speakers, are increasingly used to snoop on users in hotel rooms and AirBnB locations. The number of scandals linked to such leaks is snowballing. This problem has already been recognized as a grave threat to privacy globally.
As a solution, a team of cybersecurity experts have developed Lumos, a system designed to identify and locate IoT spying devices.
Lumos can identify Wi-Fi-connected IoT devices and visualize their presence using an augmented reality interface. It functions as a sniffer for encrypted packages transmitted over wireless channels. Lumos does not need IP/DNS layer information or Wi-Fi channel assignments to identify IoT devices, and uses phone sensors and wireless signal strength measurements to locate them. Lumos runs on commodity user devices, such as notebooks or phones, making it extremely handy for tourists and frequent business travellers.
The system has been tested on around 44 devices and in 6 different environments and shows an impressive 95% accuracy in identification. The location median error was below 1.5 m, a performance demonstrated in 1000 sq. ft. apartment. Lumos adds all newly discovered types of IoT devices to a database to simplify their identification in the future. Devices like Lumos empower users to take control of their privacy and security.