TY - GEN
T1 - Leaking data from enterprise networks using a compromised smartwatch device
AU - Siboni, Shachar
AU - Shabtai, Asaf
AU - Elovici, Yuval
N1 - Publisher Copyright:
© 2018 ACM.
PY - 2018/4/9
Y1 - 2018/4/9
N2 - The recent proliferation of the Internet of Things (IoT) technology poses major security and privacy concerns. Specifically, the use of personal IoT devices, such as tablets, smartphones, and even smartwatches, as part of the Bring Your Own Device (BYOD) trend, may result in severe network security breaches in enterprise environments. Such devices increase the attack surface by weakening the digital perimeter of the enterprise network and opening new points of entry for malicious activities. In this paper we demonstrate a novel attack scenario in an enterprise environment by exploiting the smartwatch device of an innocent employee. The attack scenario establishes a rogue wireless access point using a malicious application running on a capable smartwatch device that imitates a real Wi-Fi direct printer service in the network. Using this scenario, supported by a practical proof of concept, we illustrate how an advanced attacker located outside of the organization can exploit the compromised smartwatch device of the victim user to intercept print jobs sent to a legitimate Wi-Fi direct printer deployed in the network in order to leak/steal sensitive data from the organization.
AB - The recent proliferation of the Internet of Things (IoT) technology poses major security and privacy concerns. Specifically, the use of personal IoT devices, such as tablets, smartphones, and even smartwatches, as part of the Bring Your Own Device (BYOD) trend, may result in severe network security breaches in enterprise environments. Such devices increase the attack surface by weakening the digital perimeter of the enterprise network and opening new points of entry for malicious activities. In this paper we demonstrate a novel attack scenario in an enterprise environment by exploiting the smartwatch device of an innocent employee. The attack scenario establishes a rogue wireless access point using a malicious application running on a capable smartwatch device that imitates a real Wi-Fi direct printer service in the network. Using this scenario, supported by a practical proof of concept, we illustrate how an advanced attacker located outside of the organization can exploit the compromised smartwatch device of the victim user to intercept print jobs sent to a legitimate Wi-Fi direct printer deployed in the network in order to leak/steal sensitive data from the organization.
KW - Data leakage
KW - Enterprise networks
KW - Internet of things
KW - Rogue access point
KW - Security
KW - Smartwatch
UR - http://www.scopus.com/inward/record.url?scp=85050524927&partnerID=8YFLogxK
U2 - 10.1145/3167132.3167214
DO - 10.1145/3167132.3167214
M3 - Conference contribution
AN - SCOPUS:85050524927
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 741
EP - 750
BT - Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC 2018
PB - Association for Computing Machinery
T2 - 33rd Annual ACM Symposium on Applied Computing, SAC 2018
Y2 - 9 April 2018 through 13 April 2018
ER -