Data Transfusion: Pairing Wearable Devices and Its Implication on Security for Internet of Things

Youngjoo Lee, Wonseok Yang, Taekyoung Kwon

Research output: Contribution to journalArticlepeer-review

11 Citations (Scopus)


When a wearable device such as a smartwatch is paired with a host device, e.g., a smartphone, it is inevitable that a certain amount of data stored in the host device will be copied to the wearable device for initialization and personalization purposes. This incident may frequently occur with the Internet of Things. However, it is not well known, particularly among users, what type of data and how much of it is actually being copied or retained as a result of device pairing. Thus, it is unclear whether users are properly managing smartphones and smartwatches based on their stored data. In this regard, we coined a new term called data transfusion to describe the phenomenon in which a user experiences data transfer while pairing but without having any knowledge regarding the data. To the best of our knowledge, there are no previous studies that deal with how much sensitive data are transfused regardless of user consent, and how users perceive and behave toward such a phenomenon for smartwatches. As this is a significant issue with the Internet of Things, we tackle this problem in two ways. We first conduct an experimental study of data extraction from commodity devices such as in Android Wear, watchOS, and Tizen platforms, followed by a survey of 205 smartwatch users. The experimental study reveals that large amounts of sensitive data are being transfused without sufficient user notification. The survey demonstrates that users have lower risk perceptions for smartwatches than for smartphones in terms of security and privacy, but they tend to set the same passcode on both devices when needed. Based on the results, we perform risk assessment and discuss possible mitigation measures that involve volatile transfusion for securing the Internet of Things.

Original languageEnglish
Article number8418356
Pages (from-to)48994-49006
Number of pages13
JournalIEEE Access
Publication statusPublished - 2018 Jul 21

Bibliographical note

Funding Information:
This work was supported in part by the Defense Acquisition Program Administration and in part by the Agency for Defense Development under Contract UD160066BD.

Publisher Copyright:
© 2013 IEEE.

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)


Dive into the research topics of 'Data Transfusion: Pairing Wearable Devices and Its Implication on Security for Internet of Things'. Together they form a unique fingerprint.

Cite this