We coin a new term called data transfusion as a phenomenon that a user experiences when pairing a wearable device with the host device. A large amount of data stored in the host device (e.g., a smartphone) is forcibly copied to the wearable device (e.g., a smart watch) due to pairing while the wearable device is usually less a.ended. To the best of knowledge, there is no previous work that manipulates how sensitive data is transfused even without user's consent and how users perceive and behave regarding such a phenomenon for smart watches. We tackle this problem by conducting an experimental study of data extraction from commodity devices, such as in Android Wear, watchOS, and Tizen platforms, and a following survey study with 205 smart watch users, in two folds. .e experimental studies have shown that a large amount of sensitive data was transfused, but there was not enough user noti.cation. .e survey results have shown that users have lower perception on smart watches for security and privacy than smartphones, but they tend to set the same passcode on both devices when needed. Based on the results, we perform risk assessment and discuss possible mitigation that involves volatile transfusion.
|Title of host publication||CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security|
|Publisher||Association for Computing Machinery|
|Number of pages||3|
|Publication status||Published - 2017 Oct 30|
|Event||24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States|
Duration: 2017 Oct 30 → 2017 Nov 3
|Name||Proceedings of the ACM Conference on Computer and Communications Security|
|Other||24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017|
|Period||17/10/30 → 17/11/3|
Bibliographical noteFunding Information:
.is work was partly supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. NRF-2 015R1A2A2A01004792), and also by the MSIT under the ITRC (Information Technology Research Center) support program(IITP-2017-2012-0-00646).
© 2017 author(s).
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications