IoT labels will help consumers figure out which devices are spying on them

by

When hungry consumers want to know how many calories are in a bag of chips, they can check the nutrition label on the bag. When those same consumers want to check the security and privacy practices of a new IoT device, they aren't able to find even the most basic facts.

Not yet, at least.

In a new study published in the proceedings of the IEEE Symposium on Security & Privacy, a team of researchers in Carnegie Mellon University's CyLab have developed a prototype security and privacy "nutrition label" that performed well in user tests. To develop the label, the team consulted with a diverse group of 22 security and privacy experts across industry, government, and academia.

The team also developed an IoT label generator for manufacturers to use to easily create labels for their devices.

"Survey results show that the vast majority of people are concerned about the security and privacy practices of devices, so we need to provide them with this information," says CyLab's Pardis Emami-Naeini, the study's lead author and a recent Ph.D. recipient in Societal Computing in the School of Computer Science. "The display of this information should be concise and understandable, akin to a nutrition label on food products."

A recording of Emami-Naeini's presentation of the study can be viewed here.