IoT Data Exposure Analysis through Companion Apps

The research paper "Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps" highlights concerns about privacy implications of IoT devices in scenarios like smart homes and healthcare. The IoTProfiler tool is introduced to analyze data exposure through mobile companion apps, ensuring responsible data handling.


Uploaded on Nov 22, 2024


Presentation Transcript


  1. Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps. Yuhong Nan, Xueqiang Wang, Luyi Xing, Xiaojing Liao, Ruoyu Wu, Jianliang Wu, Yifan Zhang, XiaoFeng Wang. Published in: 32nd USENIX Security Symposium

  2. Outline: 1 Introduction; 2 Background; 3 A Taxonomy of Privacy-Sensitive IoT Data; 4 Design of IoTProfiler

  3. Outline: 5 Evaluation; 6 Measurement; 7 Conclusion

  4. 1 Introduction

  5. Introduction: The pervasiveness of Internet of Things (IoT) devices has brought in concerns about their privacy implications when operating in scenarios such as smart homes and health care. One difficulty is accessing a large number of IoT devices, which are expensive to get and challenging to inspect. Prior techniques could not fully enable a large-scale, fine-grained discovery and analysis of the information gathered and disseminated by IoT devices and IoT vendors.

  6. Introduction: We present a novel approach that achieves a large-scale, fine-grained inspection of IoT data exposure by analyzing IoT mobile companion apps: IoTProfiler, which inspects IoT data exposure utilizing mobile companion apps of those devices, and further checks whether such exposure has been done in a responsible way.

  7. Introduction: IoTProfiler leverages two key observations: (1) First, although IoT devices can directly transmit user data to their cloud back-ends, many of them need to locally connect to their mobile companion apps (e.g., through Bluetooth, local area networks) for the purposes of data processing. (2) Second, these companion apps are usually semantic-rich, carrying a variety of textual descriptions in natural languages.

  8. Introduction

  9. 2 Background

  10. Background: Two modes of IoT data management: First, IoT vendors often utilize companion apps as an intermediary to process the data from their devices before sending them to the clouds. In the meantime, some IoT devices directly transfer their data to their cloud back-ends. Examples include Amazon Echo, Google Home, Samsung SmartThings.

  11. Background: In this research, we focus on the IoT devices that share user data they collect with cloud back-ends or third parties through their companion apps.

  12. 3 A Taxonomy of Privacy-Sensitive IoT Data

  13. A Taxonomy of Privacy-Sensitive IoT Data

  14. 4 Design of IoTProfiler

  15. Design of IoTProfiler: IoTProfiler aims for a large-scale understanding of IoT data exposure in the wild, through automated static analysis of IoT companion apps. A key challenge, as mentioned earlier, is how to effectively locate the IoT device data in-transit within the app, which is a necessary step before one can track their exposure.

  16. Design of IoTProfiler (figure labels: IoT code block, IoT data point)

  17. Design of IoTProfiler

  18. Design of IoTProfiler: Enriching semantics of code blocks: Although most code blocks contain a sufficient amount of text labels reflecting their semantics, in some cases, the number of valid text labels

  19. Design of IoTProfiler

  20. 5 Evaluation

  21. Evaluation: Among the IoT companion apps, 74.6% of them are from Google Play, 11.4% of them are from APKPure and 14.0% of them are from the 360 Store, with each app covering an average of 63 locales (or regions). The average app size is 15.7MB (ranging from 16KB to 133MB).

  22. Evaluation: Effectiveness of IoT code block identification

  23. Evaluation

  24. 6 Measurement

  25. Measurement

  26. Measurement

  27. Measurement

  28. Measurement: We have made responsible disclosures to both the app developers and app stores. For most of the apps, we can get their developer emails from the app stores. Therefore, we have sent a total of 1,381 emails for the apps that fail to disclose some IoT data items, and suggested the developers update their privacy policies.

  29. 7 Conclusions

  30. Conclusion: In this paper, we performed a comprehensive measurement study on unauthorized data collection and exposure of the IoT devices through their mobile companion apps. We propose IoTProfiler, a novel framework that combines machine learning and program analysis, to address the challenge of identifying IoT device data and tracking their disclosure from mobile apps.

  31. Thanks for listening. Q & A
