Skip to main content

A systematic review of crime facilitated by the consumer Internet of Things


The nature of crime is changing—estimates suggest that at least half of all crime is now committed online. Once everyday objects (e.g. televisions, baby monitors, door locks) that are now internet connected, collectively referred to as the Internet of Things (IoT), have the potential to transform society, but this increase in connectivity may generate new crime opportunities. Here, we conducted a systematic review to inform understanding of these risks. We identify a number of high-level mechanisms through which offenders may exploit the consumer IoT including profiling, physical access control and the control of device audio/visual outputs. The types of crimes identified that could be facilitated by the IoT were wide ranging and included burglary, stalking, and sex crimes through to state level crimes including political subjugation. Our review suggests that the IoT presents substantial new opportunities for offending and intervention is needed now to prevent an IoT crime harvest.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2


  1. In computer science, conference papers undergo a rigorous peer-review process.

  2. Due to page constraints, only example citations are included in the text. More details of the full set of papers reviewed can be found in the electronic supplementary material.

  3. To be clear, we only used additional references not identified through the systematic search to provide further context about crimes identified through the systematic search.


  • Agadakos, I., C.-Y. Chen, M. Campanelli, P. Anantharaman, M. Hasan, B. Copos, et al. 2017. Jumping the Air Gap: Modeling Cyber-Physical Attack Paths in the Internet-of-Things. In CPS-SPC’17, Vol. 17.

  • Aktypi, A., J.R.C. Nurse, and M. Goldsmith. 2017. Unwinding Ariadne’s Identity Thread: Privacy Risks with Fitness Trackers and Online Social Networks. In Proceedings of the 2017 on Multimedia Privacy and Security, 1–11. Dallas, TX, USA.

  • Aljosha, J., U. Johanna, M. Georg, V.G. Artemios, and W. Edgar. 2017. Lightweight Address Hopping for Defending the IPv6 IoT. In Proceedings of the 12th International Conference on Availability, Reliability and SecurityARES’17, 1–10.

  • Amin, S.M., and A.M. Giacomoni. 2012. Smart Grid-Safe, Secure, Self-Healing. IEEE Power & Energy Magazine 10: 33–40.

    Article  Google Scholar 

  • Anand, S.A., and N. Saxena. 2016. Vibreaker: Securing Vibrational Pairing with Deliberate Acoustic Noise. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 103–108.

  • Bachy, Y., F. Basse, V. Nicomette, E. Alata, M. Kaaniche, J.C. Courrege, and P. Lukjanenko. 2015. Smart-TV Security Analysis: Practical Experiments. In Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Smart-TV, 497–504.

  • Badenhop, C.W., B.W. Ramsey, B.E. Mullins, and L.O. Mailloux. 2016. Extraction and Analysis of Non-volatile Memory of the ZW0301 Module, a Z-Wave Transceiver. Digital Investigation 17: 14–27.

    Article  Google Scholar 

  • Banafa, A. 2016. Internet of Things (IoT): Security, Privacy and Safety.

  • BBC News. 2017a. EU Clamps Down on Social Media Job Snoops.

  • BBC News. 2017b. Man Jailed for Hacking into Jennifer Lawrence’s Online Account.

  • BBC News. 2018. West Midlands PCC Calls Car Security Summit.

  • Blythe, J.M., and L. Coventry. 2018. Costly But Effective: Comparing the Factors that Influence Employee Anti-malware Behaviours. Computers in Human Behavior 87: 87–97.

    Article  Google Scholar 

  • Blythe, J.M., and S.D. Johnson. 2018. Rapid Evidence Assessment on Labelling Schemes and Implications for Consumer IoT Security. DCMS: London.

  • Blythe, J.M., S. Michie, J. Watson, and C.E. Lefevre. 2017. Internet of Things in Healthcare: Identifying Key Malicious Threats, End-User Protective and Problematic Behaviours. In Proceedings of the 3rd Digital Health Conference 2017, London, UK.

  • Blythe, J.M., N. Sombatruang, and S.D. Johnson. 2019. What Security Features and Crime Prevention Advice is Communicated in Consumer IoT Device Manuals and Support Pages? Journal of Cybersecurity 5 (1).

  • Bugeja, J., A. Jacobsson, and P. Davidsson. 2017. An analysis of malicious threat agents for the smart connected home. In 2017 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2017, 557–562.

  • Byrt, T., J. Bishop, and J. Carlin. 1993. Bias, Prevalence and Kappa. Journal of Clinical Epidemiology 46 (5): 423–429.

    Article  Google Scholar 

  • Chen, D., S. Kalra, D. Irwin, P. Shenoy, and J. Albrecht. 2015. Preventing Occupancy Detection from Smart Meter Data. IEEE Transactions on Smart Grid 6 (5): 2426–2434.

    Article  Google Scholar 

  • Chen, Y., and B. Luo. 2012. S2A: Secure Smart Household Appliances. In Proceedings of the second ACM conference on Data and Application Security and Privacy, 217–228.

  • CIPD. 2013. Pre-employment Checks: An Employer’s Guide.

  • Clarke, R.V. 1980. Situational Crime Prevention: Theory and Practice. The British Journal of Criminology 20: 136.

    Article  Google Scholar 

  • Clarke, R.V. 1995. Situational Crime Prevention. Crime and Justice 19: 91–150.

    Article  Google Scholar 

  • Cockbain, E., K. Bowers, and G. Dimitrova. 2018. Human Trafficking for Labour Exploitation: The Results of a Two-Phase Systematic Review Mapping the European Evidence Base and Synthesising Key Scientific Research Evidence. Journal of Experimental Criminology 14 (3): 319–360.

    Article  Google Scholar 

  • Coleman, F.L. 1997. Stalking Behavior and the Cycle of Domestic Violence. Journal of Interpersonal Violence 12 (3): 420–432.

    Article  Google Scholar 

  • College of Policing. 2018. Crime Reduction Toolkit.

  • Copos, B., K. Levitt, M. Bishop, and J. Rowe. 2016. Is Anybody Home? Inferring Activity from Smart Home Network Traffic. In IEEE Security and Privacy Workshops (SPW), 245–251.

  • Coppolino, L., V. Dalessandro, S. Dantonio, L. Levy, and L. Romano. 2015. My Smart Home is Under Attack. In IEEE 18th International Conference on Computational Science and Engineering, 145–151.

  • Coventry, L., P. Briggs, J.M. Blythe, and M. Tran. 2014. Using Behavioural Insights to Improve the Public’ S Use of Cyber Security Best Practices. Innovation and Skills: Report for the Department of Business.

    Google Scholar 

  • DCMS. 2018. Secure by Design: Improving the Cyber Security of Consumer Internet of Things Report.

  • Denning, T., C. Matuszek, K. Koscher, J.R. Smith, and T. Kohno. 2009. A Spotlight on Security and Privacy Risks with Future Household Robots. In Proceedings of the 11th International Conference on Ubiquitous Computing, 105–114. ACM.

  • Felson, M. 1994. Crime and Everyday Life. Thousand Oaks, CA: Pine Forge.

    Google Scholar 

  • Feng, X., M. Ye, V. Swaminathan, and S. Wei. 2017. Towards the Security of Motion Detection-based Video Surveillance on IoT Devices. In Proceedings of the on Thematic Workshops of ACM Multimedia 2017, 228–235. ACM.

  • Fernandes, E., J. Jung, and A. Prakash. 2016. Security Analysis of Emerging Smart Home Applications. In IEEE Symposium on Security and Privacy Security, 636–654.

  • Fernandes, E., A. Rahmati, J. Jung, and A. Prakash. 2017. Security Implications of Permission Models in Smart-Home Application Frameworks. IEEE Security and Privacy 15 (2): 24–30.

    Article  Google Scholar 

  • Forrester, D., M. Chatterton, K. Pease, and R. Brown. 1988. The Kirkholt Burglary Prevention Project.

  • FTC. 2015. IoT Privacy & Security in a Connected World.

  • Garcia-Morchon, O., S. Kumar, S. Keoh, R. Hummen, and R. Struik. 2014. Security Considerations in the IP-Based Internet of Things. Draft-Garcia-Core-Security-06.

  • Greensmith, J. 2015. Securing the Internet of Things with Responsive Artificial Immune Systems. In Proceedings of the 2015 Annual Conference on Genetic and Evolutionary Computation, 113–120.

  • Henry, N., and A. Powell. 2015. Beyond the ‘Sext’: Technology-Facilitated Sexual Violence and Harassment Against Adult Women. Australian & New Zealand Journal of Criminology 48 (1): 104–118.

    Article  Google Scholar 

  • Higgins, J., and S. Green. 2011. Cochrane Handbook for Systematic Reviews of Interventions.

  • Ho, G., D. Leung, P. Mishra, A. Hosseini, D. Song, and D. Wagner. 2016. Smart Locks: Lessons for Securing Commodity Internet of Things Devices. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 461–472.

  • Hoang, N.P., and D. Pishva. 2015. A TOR-Based Anonymous Communication Approach to Secure Smart Home Appliances. In International Conference on Advanced Communication Technology, ICACT, Vol. 3, 517–525.

  • Hong, J. 2012. The State of Phishing Attacks. Communications of the ACM 55 (1): 74–81.

    Article  Google Scholar 

  • Jacobsson, A., M. Boldt, and B. Carlsson. 2016. A Risk Analysis of a Smart Home Automation System. Future Generation Computer Systems 56: 719–733.

    Article  Google Scholar 

  • Johnson, S.D., N. Tilley, and K.J. Bowers. 2015. Introducing EMMIE: An Evidence Rating Scale to Encourage Mixed-Method Crime Prevention Synthesis Reviews. Journal of Experimental Criminology 11 (3): 459–473.

    Article  Google Scholar 

  • Kang, W.M., S.Y. Moon, and J.H. Park. 2017. An Enhanced Security Framework for Home Appliances in Smart Home. Human-Centric Computing and Information Sciences 7 (1): 6.

    Article  Google Scholar 

  • Kaspersky. 2017. Kaspersky Lab Research Reveals the Cost and Profitability of Arranging a DDoS Attack.

  • Kumar, P., M. Ylianttila, A. Gurtov, S.G. Lee, and H.J. Lee. 2014. An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications. Sensors 14 (2): 2732–2755.

    Article  Google Scholar 

  • Laxton, C. 2014. Virtual World, Real Fear: Women’s Aid Report into Online Abuse, Harassment and Stalking. Bristol: Women’s Aid.

    Google Scholar 

  • Laycock, G. 2004. The UK Car Theft Index: An Example of Government Leverage. In Understanding and Preventing Car Theft, Vol. 17 of Crime Prevention Studies, 25–44. Willan: Cullompton.

  • Lee, M., K. Lee, J. Shim, S. Cho, and J. Choi. 2016. Security Threat on Wearable Services: Empirical Study Using a Commercial Smartband. In 2016 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia), 1–5.

  • Liu, Y., S. Hu, and T.Y. Ho. 2015a. Vulnerability Assessment and Defense Technology for Smart Home Cybersecurity Considering Pricing Cyberattacks. In: IEEE/ACM International Conference on Computer-Aided Design, 183–190.

  • Liu, X., Z. Zhou, W. Diao, Z. Li, and K. Zhang. 2015b. When Good Becomes Evil: Keystroke Inference with Smartwatch. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications SecurityCCS’15, 1273–1285.

  • Lo, C.H., and N. Ansari. 2013. CONSUMER: A Novel Hybrid Intrusion Detection System for Distribution Networks in Smart Grid. IEEE Transactions on Emerging Topics in Computing 1 (1): 33–44.

    Article  Google Scholar 

  • Lotfy, K., and M.L. Hale. 2016. Assessing Pairing and Data Exchange Mechanism Security in the Wearable Internet of Things. In 2016 IEEE International Conference on Mobile Services (MS), 25–32.

  • Lyu, M., D. Sherratt, A. Sivanathan, H.H. Gharakheili, A. Radford, and V. Sivaraman. 2017. Quantifying the Reflective DDoS Attack Capability of Household IoT Devices. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile NetworksWiSec’17, 46–51.

  • Mailley, J., R. Garcia, S. Whitehead, and G. Farrell. 2008. Phone Theft Index. Security Journal 21 (3): 212–227.

    Article  Google Scholar 

  • Maiti, A., M. Jadliwala, J. He, and I. Bilogrevic. 2015. (Smart)Watch Your Taps: Side-Channel Keystroke Inference Attacks using Smartwatches. In Proceedings of the 2015 ACM International Symposium on Wearable ComputersISWC’15, 27–30. New York: ACM Press.

  • Manky, D. 2013. Cybercrime as a Service: a Very Modern Business. Computer Fraud & Security 6: 9–13.

    Article  Google Scholar 

  • Maple, C. 2017. Security and Privacy in the Internet of Things. Journal of Cyber Policy 2 (2): 155–184.

    Article  Google Scholar 

  • Metropolitan Police. 2003. Findings from the Multi- agency Domestic Violence Murder Reviews in London.

  • Min, B., and V. Varadharajan. 2015. Design and Evaluation of Feature Distributed Malware Attacks Against the Internet of Things (IoT). In 20th International Conference on Engineering of Complex Computer Systems (ICECCS), 80–89

  • Mitchell, K., D. Finkelhor, L. Jones, and J. Wolak. 2010. Use of Social Networking Sites in Online Sex Crimes Against Minors: An Examination of National Incidence and Means of Utilization. Journal of Adolescent Health 47 (2): 183–190.

    Article  Google Scholar 

  • Mitnick, K.D., and W.L. Simon. 2003. The Art of Deception: Controlling the Human Element in Security. New York: Wiley.

    Google Scholar 

  • NPower. 2018. Energy Theft.

  • NSPCC. 2018. Facebook Tops List of Sites Used for Online Grooming.

  • Obermaier, J., and M. Hutle. 2016. Analyzing the Security and Privacy of Cloud-Based Video Surveillance Systems. In Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and SecurityIoTPTS’16, 22–28. New York: ACM Press.

  • Office for National Statistics. 2017a. Crime in England and Wales: Year Ending December 2017. London: ONS.

    Google Scholar 

  • Office for National Statistics. 2017b. Overview of Burglary and Other Household Theft: England and Wales. London: ONS.

    Google Scholar 

  • Oluwafemi, T., T. Kohno, S. Gupta, and S. Patel. 2013a. Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security. In Proceedings of the LASER 2013 (LASER 2013), 13–24.

  • Oluwafemi, T., T. Kohno, S. Gupta, and S. Patel. 2013b. Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security. In Proceedings of the LASER 2013 (LASER 2013), 13–24.

  • Paladin. 2018. Paladin’s Definition of Stalking.

  • Pawson, R.A.Y., and N. Tilley. 2018. What Works in Evaluation Research? The British Journal of Criminology 34 (3): 291–306.

    Article  Google Scholar 

  • Pease, K. 1997. Crime reduction. In The Oxford Handbook of Criminology, 2nd ed, ed. M. Maguie. Oxford: Clarendon Press.

    Google Scholar 

  • Powell, A., and N. Henry. 2018. Policing Technology-Facilitated Sexual Violence Against Adult Victims: Police and Service Sector Perspectives. Policing and Society 28 (3): 291–307.

    Article  Google Scholar 

  • Rahman, M., B. Carbunar, and U. Topkara. 2013. Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device.

  • Ratajczyk, E., U. Brady, J.A. Baggio, A.J. Barnett, I. Perez-Ibara, N. Rollins, et al. 2016. Challenges and Opportunities in Coding the Commons: Problems, Procedures, and Potential Solutions in Large-N Comparative Case Studies. International Journal of the Commons, 10 (2), 440–466.

  • Reichherzer, T., M. Timm, N. Earley, N. Reyes, and V. Kumar. 2017. Using Machine Learning Techniques to Track Individuals & Their Fitness Activities. In Proceedings of the 32nd International Conference on Computers and Their Applications, CATA 2017, 119–124.

  • Sasse, A. 2015. Scaring and Bullying People into Security Won’t Work. IEEE Security and Privacy 13 (3): 80–83.

    Article  Google Scholar 

  • Schneier, B. 2018. Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. New York: WW Norton & Company.

    Google Scholar 

  • Seto, M. 2015. Internet-Facilitated Sexual Offending.

  • Sivaraman, V., D. Chan, D. Earl, and R. Boreli. 2016. Smart-Phones Attacking Smart-Homes. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile NetworksWiSec’16, 195–200.

  • Sivaraman, V., H.H. Gharakheili, A. Vishwanath, R. Boreli, and O. Mehani. 2015. Network-Level Security and Privacy Control for Smart-Home IoT Devices. In 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob 2015, 163–167.

  • 2018. What is the Smart Grid?

  • Snader, R., Kravets, R., and Harris III, A.F. 2016. CryptoCop: Lightweight, Energy-Efficient Encryption and Privacy for Wearable Devices. In 2nd ACM Workshop on Wearable Systems and Applications. WearSys 2016, 7–12.

  • Srinivasan, V., J. Stankovic, and K. Whitehouse. 2008. A Fingerprint and Timing-Based Snooping Attack on Residential Sensor Systems. ACM SIGBED Review 5 (1): 1–2.

    Article  Google Scholar 

  • Statistica. 2018. Estimated Global Commercial Drone Unit Sales in 2016 and 2017 (in 1,000 Units).

  • Tekeoglu, A., and A.S. Tosun. 2015a. A Closer Look into Privacy and Security of Chromecast Multimedia Cloud Communications. In 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 121–126

  • Tekeoglu, A., and A.S. Tosun. 2015b. Investigating Security and Privacy of a Cloud-Based Wireless IP Camera: NetCam. In ProceedingsInternational Conference on Computer Communications and Networks, ICCCN, 2015October.

  • Thing, V.L.L. 2017. IEEE 802.11 Network Anomaly Detection and Attack Classification: A Deep Learning Approach. In Wireless Communications and Networking Conference (WCNC).

  • Torre, I., F. Koceva, O.R. Sanchez, and G. Adorni. 2017. Fitness Trackers and Wearable Devices: How to Prevent Inference Risks? In Proceedings of the 11th International Conference on Body Area Networks. EAI.

  • Tzezana, R. 2016. Scenarios for Crime and Terrorist Attacks Using the Internet of Things. European Journal of Futures Research 4 (1): 18.

    Article  Google Scholar 

  • Tzezana, R. 2017. High-Probability and Wild-Card Scenarios for Future Crimes and Terror Attacks Using the Internet of Things. Foresight 19 (1): 1–14.

    Article  Google Scholar 

  • Vemi, S.G., and C. Panchev. 2015. Vulnerability Testing of Wireless Access Points Using Unmanned Aerial Vehicles (UAV). In Proceedings of the European Conference on e-Learning, 245.

  • Vigo, R., E. Yuksel, and Dewi Puspa Kencana Ramli, C. 2012. Smart Grid Security a Smart Meter-Centric Perspective. In 2012 20th Telecommunications Forum (TELFOR), 127–130

  • Visan, B.A., J. Lee, B. Yang, A.H. Smith, and E.T. Matson. 2017. Vulnerabilities in Hub Architecture IoT Devices. In 2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017, 83–88

  • Wang, C., X. Guo, Y. Wang, Y. Chen, and B. Liu. 2016. Friend or Foe? In Proceedings of the 11th ACM on Asia Conference on Computer and Communications SecurityASIA CCS’16, 189–200.

  • Wang, H., T.T.-T. Lai, and R. Roy Choudhury. 2015. MoLe: Motion Leaks Through Smartwatch Sensors. In Proceedings of the 21st Annual International Conference on Mobile Computing and NetworkingMobiCom’15, 155–166.

  • Wazid, M., A.K. Das, V. Odelu, N. Kumar, and W. Susilo. 2017. Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment. In IEEE Transactions on Dependable and Secure Computing, 5971(c).

  • Weisburd, D., D.P. Farrington, and C. Gill (eds.). 2016. What Works in Crime Prevention and Rehabilitation: Lessons from Systematic Reviews. New York: Springer.

    Google Scholar 

  • Which? 2017. Safety Alert: See How Easy it is for Almost Anyone to Hack Your Child’s Connected Toys.

  • Williams, R., E. McMahon, S. Samtani, M. Patton, and H. Chen. 2017. Identifying Vulnerabilities of Consumer Internet of Things (IoT) Devices: A Scalable Approach. In 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017, 179–181.

  • Wrap. 2017. Smart Devices & Secure Data Eradication: The Evidence.

  • Wurm, J., K. Hoang, O. Arias, A.-R. Sadeghi, and Y. Jin. 2016. Security Analysis on Consumer and Industrial IoT Devices. In 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC), 519–524.

  • Xu, H., D. Sgandurra, K. Mayes, P. Li, and R. Wang. 2017. Analysing the Resilience of the Internet of Things Against Physical and Proximity Attacks, Vol. 10658.

  • Yoshigoe, K., W. Dai, M. Abramson, and A. Jacobs. 2016. Overcoming Invasion of Privacy in Smart Home Environment with Synthetic Packet Injection. In Proceedings of 2015 TRON Symposium, TRONSHOW 2015, 1(C).

Download references


This work was funded by the UK EPSRC as part of the PETRAS IoT Research Hub—Cybersecurity of the Internet of Things grant no. EP/N02334X/1 and the Dawes Centre for Future Crime at University College London.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Shane D. Johnson.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Electronic supplementary material

Below is the link to the electronic supplementary material.

Supplementary material 1 (DOCX 33 kb)

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Blythe, J.M., Johnson, S.D. A systematic review of crime facilitated by the consumer Internet of Things. Secur J 34, 97–125 (2021).

Download citation

  • Published:

  • Issue Date:

  • DOI:


  • Internet of Things
  • Cybercrime
  • Systematic review
  • Crime harvest