CRASHED: Cyber risk assessment for smart home electronic devices

The rapid proliferation of Internet of Things (IoT) technology has enriched modern households with smart
home devices, enhancing convenience, but simultaneously increasing vulnerability to cyber threats. This
paper introduces CRASHED, an innovative cyber risk assessment methodology specifically designed for smart
home ecosystems. Compared to existing approaches, CRASHED integrates the MITRE ATT&CK and CAPEC
frameworks to systematically identify and analyze threats, vulnerabilities, and potential impacts. By employing
device-specific profiling, quantitative metrics, and sophisticated weighting mechanisms, it delivers a multilayered assessment of cyber risks that accounts for asset criticality and threat severity, distinguishing it from
conventional methods lacking such granularity. The novelty of CRASHED lies in its comprehensive evaluation
of systemic vulnerabilities and domestic repercussions. Case studies on various smart home configurations
demonstrate its effectiveness in modeling, analyzing, and mitigating risks compared to existing frameworks.
This work represents a significant advancement in safeguarding smart home environments, underscoring the
urgent need for specialized cyber risk assessment models in our interconnected era. The proposed methodology
not only enhances threat detection and response, but also addresses critical gaps in vulnerability databases
and risk calculation processes, offering a transformative solution to the evolving challenges of smart home
cybersecurity.