Watching IoTs That Watch Us: Empirically Studying IoT Security & Privacy at Scale

Danny Y. Huang


Consumers today are increasingly concerned about the security and privacy risks of smart home IoT devices. However, few empirical studies have looked at these problems at scale, partly because a large variety and number of smart-home IoT devices are often closed-source and on private home networks, thus making it difficult for researchers to systematically observe the actual security and privacy issues faced by users in the wild.

In this talk, I describe two methods for researchers to empirically understand these risks to real end-users: (i) emulating user-inputs to study how thousands of smart TV channels (i.e., apps) track viewers [CCS '19]; and (ii) crowdsourcing network traffic from thousands of real smart home networks [in submission]. Both methods have allowed us to conduct the largest security and privacy studies on smart TV and other IoT devices to date. Our labeled datasets have also created new opportunities for other research areas, such as machine learning, network management, and healthcare.


Danny Y. Huang is a postdoctoral fellow at Princeton's Center for Information Technology Policy. He is broadly interested in the security and privacy of emerging technologies, such as cryptocurrency and IoT. He obtained his PhD in Computer Science from University of California, San Diego. For more information, visit

Time and Place

Monday, October 7, 4:15pm
Gates 463A