This study demonstrates that smart home wireless traffic can expose significant user privacy risks, even to low-skill adversaries—a threat often underestimated by prior work that assumes highly capable attackers. The authors simulate a “casual attacker” with only basic IT knowledge, deploying three Raspberry Pi devices equipped with Wireshark and simple Python scripts in a real apartment setting. Through passive eavesdropping on wireless traffic and RSSI-based triangulation, the attacker successfully identifies device types, tracks user movement patterns, and reconstructs fine-grained daily activities, including guests’ sleep schedules. Crucially, this work shows for the first time that effective privacy attacks require neither machine learning nor specialized hardware, revealing the tangible risk posed by low-barrier, neighbor-level adversaries using off-the-shelf tools.

Smart devices, such as light bulbs, TVs, fridges, etc., equipped with computing capabilities and wireless communication, are part of everyday life in many households. Previous work has already shown that a passive eavesdropper can derive private information, household routines, etc., from the network traffic of smart devices. However, existing attacks rely on capable adversaries with specialized machine learning expertise, labeled training data and reference devices, leaving it unclear how vulnerable ordinary households are to less sophisticated attackers. In this paper, we investigate the extent to which a ,,casual attacker'' with straightforward IT skills and no specialized cybersecurity or ML tooling can reproduce such privacy attacks. Operating from an adjacent room in a real-world apartment building, we constrain our adversary to use only three off-the-shelf Raspberry Pis, Wireshark, and basic Python scripts. Through a three-week study, we demonstrate that this casual attacker can manually identify devices, recognize user states, track smartphone movements through walls via RSSI triangulation, and successfully extract detailed daily routines, including sleep patterns of guests. Our findings show that smart-home privacy leakage is a threat even from low-resourced, straightforward adversaries, e.g., neighbors.