Data Transfusion: Pairing Wearable Devices and Its Implication on Security for Internet of Things

Youngjoo Lee, Wonseok Yang, Taekyoung Kwon

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

When a wearable device such as a smartwatch is paired with a host device, e.g., a smartphone, it is inevitable that a certain amount of data stored in the host device will be copied to the wearable device for initialization and personalization purposes. This incident may frequently occur with the Internet of Things. However, it is not well known, particularly among users, what type of data and how much of it is actually being copied or retained as a result of device pairing. Thus, it is unclear whether users are properly managing smartphones and smartwatches based on their stored data. In this regard, we coined a new term called data transfusion to describe the phenomenon in which a user experiences data transfer while pairing but without having any knowledge regarding the data. To the best of our knowledge, there are no previous studies that deal with how much sensitive data are transfused regardless of user consent, and how users perceive and behave toward such a phenomenon for smartwatches. As this is a significant issue with the Internet of Things, we tackle this problem in two ways. We first conduct an experimental study of data extraction from commodity devices such as in Android Wear, watchOS, and Tizen platforms, followed by a survey of 205 smartwatch users. The experimental study reveals that large amounts of sensitive data are being transfused without sufficient user notification. The survey demonstrates that users have lower risk perceptions for smartwatches than for smartphones in terms of security and privacy, but they tend to set the same passcode on both devices when needed. Based on the results, we perform risk assessment and discuss possible mitigation measures that involve volatile transfusion for securing the Internet of Things.

Original languageEnglish
Article number8418356
Pages (from-to)48994-49006
Number of pages13
JournalIEEE Access
Volume6
DOIs
Publication statusPublished - 2018 Jul 21

Fingerprint

Smartphones
Risk perception
Data transfer
Risk assessment
Wear of materials
Internet of things

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Cite this

@article{f8df94d3119c4a8eab665f998b55e3d7,
title = "Data Transfusion: Pairing Wearable Devices and Its Implication on Security for Internet of Things",
abstract = "When a wearable device such as a smartwatch is paired with a host device, e.g., a smartphone, it is inevitable that a certain amount of data stored in the host device will be copied to the wearable device for initialization and personalization purposes. This incident may frequently occur with the Internet of Things. However, it is not well known, particularly among users, what type of data and how much of it is actually being copied or retained as a result of device pairing. Thus, it is unclear whether users are properly managing smartphones and smartwatches based on their stored data. In this regard, we coined a new term called data transfusion to describe the phenomenon in which a user experiences data transfer while pairing but without having any knowledge regarding the data. To the best of our knowledge, there are no previous studies that deal with how much sensitive data are transfused regardless of user consent, and how users perceive and behave toward such a phenomenon for smartwatches. As this is a significant issue with the Internet of Things, we tackle this problem in two ways. We first conduct an experimental study of data extraction from commodity devices such as in Android Wear, watchOS, and Tizen platforms, followed by a survey of 205 smartwatch users. The experimental study reveals that large amounts of sensitive data are being transfused without sufficient user notification. The survey demonstrates that users have lower risk perceptions for smartwatches than for smartphones in terms of security and privacy, but they tend to set the same passcode on both devices when needed. Based on the results, we perform risk assessment and discuss possible mitigation measures that involve volatile transfusion for securing the Internet of Things.",
author = "Youngjoo Lee and Wonseok Yang and Taekyoung Kwon",
year = "2018",
month = "7",
day = "21",
doi = "10.1109/ACCESS.2018.2859046",
language = "English",
volume = "6",
pages = "48994--49006",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

Data Transfusion : Pairing Wearable Devices and Its Implication on Security for Internet of Things. / Lee, Youngjoo; Yang, Wonseok; Kwon, Taekyoung.

In: IEEE Access, Vol. 6, 8418356, 21.07.2018, p. 48994-49006.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Data Transfusion

T2 - Pairing Wearable Devices and Its Implication on Security for Internet of Things

AU - Lee, Youngjoo

AU - Yang, Wonseok

AU - Kwon, Taekyoung

PY - 2018/7/21

Y1 - 2018/7/21

N2 - When a wearable device such as a smartwatch is paired with a host device, e.g., a smartphone, it is inevitable that a certain amount of data stored in the host device will be copied to the wearable device for initialization and personalization purposes. This incident may frequently occur with the Internet of Things. However, it is not well known, particularly among users, what type of data and how much of it is actually being copied or retained as a result of device pairing. Thus, it is unclear whether users are properly managing smartphones and smartwatches based on their stored data. In this regard, we coined a new term called data transfusion to describe the phenomenon in which a user experiences data transfer while pairing but without having any knowledge regarding the data. To the best of our knowledge, there are no previous studies that deal with how much sensitive data are transfused regardless of user consent, and how users perceive and behave toward such a phenomenon for smartwatches. As this is a significant issue with the Internet of Things, we tackle this problem in two ways. We first conduct an experimental study of data extraction from commodity devices such as in Android Wear, watchOS, and Tizen platforms, followed by a survey of 205 smartwatch users. The experimental study reveals that large amounts of sensitive data are being transfused without sufficient user notification. The survey demonstrates that users have lower risk perceptions for smartwatches than for smartphones in terms of security and privacy, but they tend to set the same passcode on both devices when needed. Based on the results, we perform risk assessment and discuss possible mitigation measures that involve volatile transfusion for securing the Internet of Things.

AB - When a wearable device such as a smartwatch is paired with a host device, e.g., a smartphone, it is inevitable that a certain amount of data stored in the host device will be copied to the wearable device for initialization and personalization purposes. This incident may frequently occur with the Internet of Things. However, it is not well known, particularly among users, what type of data and how much of it is actually being copied or retained as a result of device pairing. Thus, it is unclear whether users are properly managing smartphones and smartwatches based on their stored data. In this regard, we coined a new term called data transfusion to describe the phenomenon in which a user experiences data transfer while pairing but without having any knowledge regarding the data. To the best of our knowledge, there are no previous studies that deal with how much sensitive data are transfused regardless of user consent, and how users perceive and behave toward such a phenomenon for smartwatches. As this is a significant issue with the Internet of Things, we tackle this problem in two ways. We first conduct an experimental study of data extraction from commodity devices such as in Android Wear, watchOS, and Tizen platforms, followed by a survey of 205 smartwatch users. The experimental study reveals that large amounts of sensitive data are being transfused without sufficient user notification. The survey demonstrates that users have lower risk perceptions for smartwatches than for smartphones in terms of security and privacy, but they tend to set the same passcode on both devices when needed. Based on the results, we perform risk assessment and discuss possible mitigation measures that involve volatile transfusion for securing the Internet of Things.

UR - http://www.scopus.com/inward/record.url?scp=85050372057&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050372057&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2018.2859046

DO - 10.1109/ACCESS.2018.2859046

M3 - Article

AN - SCOPUS:85050372057

VL - 6

SP - 48994

EP - 49006

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

M1 - 8418356

ER -