The Internet of Things: Fire Sleuth, Fire Starter

Fires are difficult to investigate since they often destroy the evidence of their cause. Now scientists demonstrate how Internet of Things (IoT) gadgets can reveal key clues—but also potentially help arsonists start fires in the first place.

Criminal investigations are already increasingly exploring how IoT devices might record useful forensic data. For example, in 2021, a jury found a man in Alabama guilty of his wife’s murder based on data from his iPhone. The device’s iOS health app recorded 18 footsteps during a time he claimed to be asleep on the night of the homicide.

Scientists at University of Lausanne in Switzerland wanted to see if IoT devices could serve as digital witnesses to arson. They reasoned the gadgets could store data onboard that might survive the fire, or transmit data to the cloud or linked phones before their incineration.

“IoT devices have become ubiquitous in the form of smart home devices,” says Ragib Hasan, a cybersecurity and digital forensic scientist at the University of Alabama at Birmingham, who did not take part in this research. “Such devices have ‘eyes and ears,’ and they can provide valuable forensic information.”

Scenario 1 represented an arson case with the use of ignitable liquid. One liter of diesel fuel was poured in Bedroom 2, as well as a liter of gasoline in the living room. Before the fire [left]; After the fire [right].Service Presse/Police Neuchateloise

In one experiment in a multiroom apartment in a building scheduled for demolition, the researchers examined how IoT gadgets might prove helpful in an arson attack involving spilled gasoline and diesel fuel. In this scenario, they found the devices—including temperature and motion sensors, smart cameras, smoke detectors, and a voice assistant—helped reveal the precise moment the fire started, the room in which it started, and the timeline of how it spread.

In another experiment in a single-room apartment in a building designed to help train firefighters, the scientists explored how IoT devices might not only help fire investigators, but also arsonists. For this scenario, the researchers rigged an immersion heater in a box filled with Styrofoam as a rudimentary ignition device. They connected the heater to a smart outlet in the kitchen and later used the outlet to turn the heater on remotely. (A 2017 report similarly found an IoT stove could also be used as a remote-controlled arson device.)

The scientists discovered they often faced difficulties collecting data from the IoT devices themselves. Sometimes the fires destroyed memory chips, while other times the gadgets had no memory chips, or had read protections on their internal memory that the researchers could not overcome.

In this scenario the owner prepared the ignition device in the morning and left the house, leaving all electronic devices in standby mode. Before the fire [left]; After the fire [right].Fire investigation team of the School of Criminal Justice

However, the data stored on linked smartphones often proved informative. In the first experiment, one app collected a wealth of temperature, humidity and motion data, while another app provided video recorded during the fire. In the second experiment, the smart outlet app recorded the time and room when the request to activate the smart socket was made. The heat and carbon dioxide sensor data suggested the fire started about six minutes after the socket was activated. In addition, the IoT devices in the apartment revealed the fire grew rapidly after ignition, as opposed to a slow buildup, as might happen if, say, a discarded cigarette was left on a sofa.

These new findings help “open up a new frontier,” Hasan says. “In the past, forensic investigators had to rely on physical evidence to piece together what happened in a crime scene or fire scene, but now they have an ally to help them gather more fine-grained information.”

The researchers also made lawful requests for data the IoT devices stored in the cloud, and most service providers supplied the requested data. However, in the first experiment, one company claimed it did not collect and store any data, while another company did not reply to any of the requests made for the video data.

“A clever adversary can actually set up the IoT devices to prepare a false narrative which can mask their activities” —Ragib Hasan, University of Alabama at Birmingham

“Forensics in the cloud is difficult, and cloud providers are often unwilling to violate the privacy of the users by providing access to data stored in the cloud,” Hasan says. “Unlike physical evidence, whose chain of custody can be directly managed by the forensic investigators, any data coming from the cloud has questionable chain of custody or provenance due to the current architecture of clouds. Investigators must trust and depend on the cloud provider completely for the completeness and veracity of the evidence.”

The new study also highlights many other challenges when it comes to relying on the IoT during investigations. For instance, Hasan pointed out that many IoT devices lack security controls. “A clever adversary can actually set up the IoT devices to prepare a false narrative which can mask their activities and can actually make the forensic investigations difficult,” Hasan says. “Rather than treating IoT data as a gold standard, we must corroborate them with the physical evidence from the fire or crime scenes and also promote stronger security controls in IoT smart home devices.”

These findings also raise privacy concerns. “Our homes used to be our sanctuaries where we could be away from prying eyes,” Hasan says. “Now these smart home devices can monitor our every movement and action. While this can benefit forensics, in the big picture, without strong security and privacy controls, this can easily be exploited.”

For example, while forensic investigations are legitimate users of the data from the IoT devices used in their experiments, “criminals can exploit such data for nefarious purposes, as such detailed data essentially gives them eyes and ears into our everyday activities,” Hasan says. Corporate entities may also conduct unauthorized sharing of such data with third parties, and “In countries with repressive regimes, such data from IoT devices can essentially lead to the scenario stated in George Orwell’s 1984, enabling ‘Big Brother’ to watch us constantly.”

All in all, “Research should focus not only on ensuring the security and trustworthiness of IoT, but also prevent the misuse of the data,” Hasan says. “That is a hard problem.”

The scientists in Switzerland detailed their findings 1 April in the journal Forensic Science International.