Personalized IoT adapt their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT adapt to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract user's private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users' daily behavior with an accuracy of 90.3%. Being a new spyware with no known prior signature or behavior, traditional spyware detection that is based on code signature or system behavior are not adequate to detect SpyCon. We discuss possible detection and mitigation mechanisms that can hinder the effect of SpyCon.
|Original language||English (US)|
|Title of host publication||2019 IEEE Security and Privacy Workshops (SPW)|
|Number of pages||6|
|State||Published - May 2019|
Bibliographical noteKAUST Repository Item: Exported on 2022-06-30
Acknowledgements: This research was supported in part by the National Science Foundation under award CNS-1705135, the Army Research Laboratory (ARL) under Cooperative Agreement W911NF-17-2-0196, and the King Abdullah University of Science and Technology (KAUST) through its Sensor Innovation research program. Salma Elmalaki is supported by Microsoft Research Fellowship.
This publication acknowledges KAUST support, but has no KAUST affiliated authors.