Visible to the public Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity

TitleHome Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity
Publication TypeConference Paper
Year of Publication2018
AuthorsShrestha, P., Shrestha, B., Saxena, N.
Conference Name2018 IEEE Conference on Communications and Network Security (CNS)
Keywordsactive audio challenge, attack activity, audio proximity, audio signal processing, authentication, Biomedical monitoring, Bluetooth, Electronic mail, electronic messaging, emails, Glass, Google, Human Behavior, human computer interaction, insider attacker, insider threat, mobile computing, phone calls, photos, physical barriers, pubcrawl, radio communication range, Resiliency, Scalability, security of data, sensitive command pushing, sensitive information learning, sensitive information pulling, shared office spaces, smart phones, smartphone, stolen wearable threat, taking pictures, telecommunication security, text messages, unattended wearable devices, wearable computers, wearables security, wireless communication medium
Abstract

In this paper, we highlight and study the threat arising from the unattended wearable devices pre-paired with a smartphone over a wireless communication medium. Most users may not lock their wearables due to their small form factor, and may strip themselves off of these devices often, leaving or forgetting them unattended while away from homes (or shared office spaces). An "insider" attacker (potentially a disgruntled friend, roommate, colleague, or even a spouse) can therefore get hold of the wearable, take it near the user's phone (i.e., within radio communication range) at another location (e.g., user's office), and surreptitiously use it across physical barriers for various nefarious purposes, including pulling and learning sensitive information from the phone (such as messages, photos or emails), and pushing sensitive commands to the phone (such as making phone calls, sending text messages and taking pictures). The attacker can then safely restore the wearable, wait for it to be left unattended again and may repeat the process for maximum impact, while the victim remains completely oblivious to the ongoing attack activity. This malicious behavior is in sharp contrast to the threat of stolen wearables where the victim would unpair the wearable as soon as the theft is detected. Considering the severity of this threat, we also respond by building a defense based on audio proximity, which limits the wearable to interface with the phone only when it can pick up on an active audio challenge produced by the phone.

URLhttps://ieeexplore.ieee.org/document/8433216
DOI10.1109/CNS.2018.8433216
Citation Keyshrestha_home_2018