DOI: 10.1145/3038912.3052709
research-article

Some Recipes Can Do More Than Spoil Your Appetite: Analyzing the Security and Privacy Risks of IFTTT Recipes

Published: 03 April 2017

Abstract

    The use of end-user programming, such as if-this-then-that (IFTTT), is becoming increasingly common. Services like IFTTT allow users to easily create new functionality by connecting arbitrary Internet-of-Things (IoT) devices and online services using simple if-then rules, commonly known as recipes. However, such convenience at times comes at the cost of security and privacy risks for end users. To gain an in-depth understanding of the potential security and privacy risks, we build an information-flow model to analyze how often IFTTT recipes involve potential integrity or secrecy violations. Our analysis finds that around 50% of the 19,323 unique recipes we examined are potentially unsafe, as they contain a secrecy violation, an integrity violation, or both. We next categorize the types of harm that these potentially unsafe recipes can cause to users. After manually examining a random selection of potentially unsafe recipes, we find that recipes can not only lead to harms such as personal embarrassment but can also be exploited by an attacker, e.g., to distribute malware or carry out denial-of-service attacks. The use of IoT devices and services like IFTTT is expected only to grow in the near future; our analysis suggests users need to be both informed about and protected from these emerging threats to which they could be unwittingly exposing themselves.


        Published In

        WWW '17: Proceedings of the 26th International Conference on World Wide Web
        April 2017
        1678 pages
        ISBN: 9781450349130

        Sponsors

        • IW3C2: International World Wide Web Conference Committee

        Publisher

        International World Wide Web Conferences Steering Committee

        Republic and Canton of Geneva, Switzerland

        Author Tags

        1. end-user programming
        2. ifttt service
        3. information-flow
        4. internet of things (iot)

        Qualifiers

        • Research-article

        Acceptance Rates

        WWW '17 Paper Acceptance Rate 164 of 966 submissions, 17%;
        Overall Acceptance Rate 1,899 of 8,196 submissions, 23%
