Navigating the maze: the effectiveness of manufacturer support in applying user-controlled security and privacy features

Abstract

Internet of Things (IoT) technologies have reshaped the home computer environment by offering extraordinary levels of convenience, automation, and efficiency. With technologies ranging from thermostats that adjust for cost savings to water leak detectors that protect homes from costly water damage, IoT devices in the residential space are here to stay. Collectively, these interconnected devices targeted for the consumer home environment are commonly referred to as a "smart home". Despite the many capabilities that smart home IoT technologies offer, many consumers/end-users are still struggling with effectively securing their internet-connected devices, safeguarding personal data, and ensuring that their smart home network remains secure from potential threats. The responsibility for safeguarding smart home IoT devices is shared by both manufacturers and consumers/end-users; however, the extent to which manufacturers are providing clear, comprehensive, and accessible guidance to assist consumers/end-users with safeguarding IoT devices remains unclear. This research study explores the level of support provided by smart home IoT manufacturers in applying user-controlled security and privacy features. User-controlled security and privacy features are settings within an IoT device that only the end-user can adjust (e.g. passwords, multi-factor authentication, device permissions, data backup, etc.). A systems engineering–focused, mixed-methods approach was adopted to evaluate how effectively smart home IoT manufacturers guide and assist consumers in understanding, implementing, and maintaining user-controlled security and privacy features in their smart home IoT devices and systems. The study unfolds across four systems engineering phases: (1) Requirements Analysis, (2) Usability Testing, (3) Focus Group Technical Deep Dive, and (4) Recommendations and Future Implementations. A review of smart home IoT device manuals, online resources, and other manufacturer-provided materials established a baseline for how well the reference material aligned with cybersecurity industry standards, best practices, and recommendations. Through structured surveys, proficiency tests, and qualitative focus group technical deep dive feedback, the study identified gaps in smart home IoT manufacturers' guidance that compromise users' ability to configure essential security settings. Employing systems engineering principles, this research study underscored the importance of user-centric design and comprehensive security and privacy guidance to help bridge the gap between cybersecurity best practices and a diverse consumer/end- user skill base.