Consumer Internet of Things (IoT) devices, from smart speakers to security cameras, are increasingly common in homes. Along with their benefits come potential privacy and security threats. To limit these threats, a number of commercial services (IoT safeguards) have become available. The safeguards claim to provide protection against IoT privacy risks and security threats. However, the effectiveness of these safeguards and their associated privacy risks remain a key open question. In this paper, we investigate the threat detection capabilities of IoT safeguards for the first time. We develop and release an approach for automated safeguards experimentation to reveal their response to common security threats and privacy risks. We perform thousands of automated experiments using popular commercial IoT safeguards deployed in a large IoT testbed. Our results indicate not only that these devices may be ineffective in preventing risks, but also that their cloud interactions and data collection operations may introduce privacy risks for the households that adopt them.