Noisy Networks, Nosy Neighbors: Simple Privacy Attacks Against Residential Wireless Traffic
It demonstrates that smart-home privacy leakage is a threat even from low-resourced, unsophisticated adversaries like neighbors, lowering the bar for practical attacks.
The paper shows that a casual attacker with only three Raspberry Pis, Wireshark, and basic Python scripts can extract private information (device identification, user states, smartphone movements, daily routines, sleep patterns) from residential wireless traffic over three weeks in a real apartment building.
Smart devices, such as light bulbs, TVs, fridges, etc., equipped with computing capabilities and wireless communication, are part of everyday life in many households. Previous work has already shown that a passive eavesdropper can derive private information, household routines, etc., from the network traffic of smart devices. However, existing attacks rely on capable adversaries with specialized machine learning expertise, labeled training data and reference devices, leaving it unclear how vulnerable ordinary households are to less sophisticated attackers. In this paper, we investigate the extent to which a ,,casual attacker'' with straightforward IT skills and no specialized cybersecurity or ML tooling can reproduce such privacy attacks. Operating from an adjacent room in a real-world apartment building, we constrain our adversary to use only three off-the-shelf Raspberry Pis, Wireshark, and basic Python scripts. Through a three-week study, we demonstrate that this casual attacker can manually identify devices, recognize user states, track smartphone movements through walls via RSSI triangulation, and successfully extract detailed daily routines, including sleep patterns of guests. Our findings show that smart-home privacy leakage is a threat even from low-resourced, straightforward adversaries, e.g., neighbors.