Ieee Symposium on Security and Privacy

S mart-home technology has evolved beyond basic convenience functionality, such as automatically controlled lights and door openers, to provide tangible bene ts. For instance, water ow sensors and smart meters facilitate energy e ciency. IP-enabled cameras, motion sensors, and connected door locks o er be er control of home security. However, a ackers can manipulate smart devices to cause users physical, nancial, and psychological harm. For example, burglars can target a connected door lock to plant hidden access codes.1 Early smart-home systems had steep learning curves and complicated device setup procedures and thus were limited to do-it-yourself enthusiasts. (Many forums exist for people to exchange know-how, such as forum .universal-devices.com.) Recently, several companies introduced cloud-backed systems that are easier for users to set up and that provide a programming framework for third-party developers to build smart-home apps. Examples of such frameworks are Samsung’s Smart ings (www.smar hings.com), Apple’s HomeKit (www.apple.com/ios/home), Vera Control’s Vera3 (getvera.com/controllers/vera3), Google’s Weave/ Brillo (developers.google.com/weave), and AllSeen Alliance’s AllJoyn (including Qualcomm, Microso , LG, Cisco, and AT&T; allseenalliance.org/framework). We consider the security implications of a key component of such smart-home programming frameworks: their permission models. ese models limit the risk third-party apps pose to users and their devices. We rst survey the permission models of Apple HomeKit, IoTivity, AllJoyn, and Smart ings, then discuss results from a deep-dive analysis of the Smart ings framework.2