Leaking data from enterprise networks using a compromised smartwatch device

Shachar Siboni, Asaf Shabtai, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

6 Scopus citations

Abstract

The recent proliferation of the Internet of Things (IoT) technology poses major security and privacy concerns. Specifically, the use of personal IoT devices, such as tablets, smartphones, and even smartwatches, as part of the Bring Your Own Device (BYOD) trend, may result in severe network security breaches in enterprise environments. Such devices increase the attack surface by weakening the digital perimeter of the enterprise network and opening new points of entry for malicious activities. In this paper we demonstrate a novel attack scenario in an enterprise environment by exploiting the smartwatch device of an innocent employee. The attack scenario establishes a rogue wireless access point using a malicious application running on a capable smartwatch device that imitates a real Wi-Fi direct printer service in the network. Using this scenario, supported by a practical proof of concept, we illustrate how an advanced attacker located outside of the organization can exploit the compromised smartwatch device of the victim user to intercept print jobs sent to a legitimate Wi-Fi direct printer deployed in the network in order to leak/steal sensitive data from the organization.

Original languageEnglish
Title of host publicationProceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC 2018
PublisherAssociation for Computing Machinery
Pages741-750
Number of pages10
ISBN (Electronic)9781450351911
DOIs
StatePublished - 9 Apr 2018
Event33rd Annual ACM Symposium on Applied Computing, SAC 2018 - Pau, France
Duration: 9 Apr 201813 Apr 2018

Publication series

NameProceedings of the ACM Symposium on Applied Computing

Conference

Conference33rd Annual ACM Symposium on Applied Computing, SAC 2018
Country/TerritoryFrance
CityPau
Period9/04/1813/04/18

Keywords

  • Data leakage
  • Enterprise networks
  • Internet of things
  • Rogue access point
  • Security
  • Smartwatch

Fingerprint

Dive into the research topics of 'Leaking data from enterprise networks using a compromised smartwatch device'. Together they form a unique fingerprint.

Cite this