Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1145/3167996.3168001acmotherconferencesArticle/Chapter ViewAbstractPublication PagesstastConference Proceedingsconference-collections
research-article

Making sense of sensors: mobile sensor security awareness and education

Published: 05 December 2018 Publication History

Abstract

Mobile sensors have already proved to be helpful to different aspects of people's everyday lives such as fitness, gaming, navigation, etc. However, illegitimate access to these sensors provides a malicious program running with an exploit path. While the users are benefiting from richer and more personalized apps, the growing number of sensors introduces new security and privacy risks to end users, and makes the task of sensor management more complex.
In this paper, first, we discuss the issues around security and privacy of mobile sensors. Second, we reflect the results of a workshop which we organized on mobile sensor security. In this workshop, the participants are introduced to mobile sensors by working with sensor-enabled apps. We evaluate the risk levels perceived by the participants for these sensors after they learn their functionalities. The results show that knowing sensors by working with sensor-enabled apps would not immediately improve the users' security inference of the actual risks of these sensors. Finally, we provide recommendations for educators, app developers, and mobile users to contribute toward awareness and education on this topic.

References

[1]
Ruba Abu-Salma, Anastasia Danilova, M Angela Sasse, Alena Naiakshina, Joseph Bonneau, and Matthew Smith. Obstacles to the adoption of secure communication tools. In Proceedings of the 38th IEEE Symposium on Security and Privacy, IEEE S&P '17, 2017.
[2]
Android sensors. Available at http://developer.android.com/guide/topics/sensors/sensors_overview.html.
[3]
Cheng Bo, Lan Zhang, Xiang-Yang Li, Qiuyuan Huang, and Yu Wang. Silentsense: Silent user identification via touch and movement behavioral biometrics. In Proceedings of the 19th Annual International Conference on Mobile Computing and Networking, MobiCom 2013. ACM, 2013.
[4]
Massimiano Bucchi. Science and the Media. 1998.
[5]
Kirsten Crager, Anindya Maiti, Murtuza Jadliwala, and Jibo He. Information leakage through mobile motion sensors: User awareness and concerns. Euro USEC' 17, 2017.
[6]
Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. Touch me once and i know it's you!: Implicit authentication based on touch screen patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2012. ACM, 2012.
[7]
Planet of the phones. From the print edition by The Economist, 2015. Available online at http://www.economist.com/news/leaders/21645180-smartphone-ubiquitous-addictive-and-transformative-planet-phones.
[8]
Location and Sensors APIs. Available at: developer.android.com/guide/topics/sensors/index.html.
[9]
Matthew Green and Matthew Smith. Developers are not the enemy!: The need for usable security apis. IEEE Security and Privacy, 14(5):40--46, September 2016.
[10]
Jan Hauke and Tomasz Kossowski. Comparison of values of pearson's and spearman's correlation coefficients... 2011.
[11]
Alex Hern. Tilted device could pinpoint pin number for hackers, study claims, 2017. Available online at http://www.theguardian.com/technology/2017/apr/11/tilted-device-could-pinpoint-pin-number-for-hackers-study-claims.
[12]
Stephen Hilgartner. The dominant view of popularization: conceptual problems, political uses. Social studies of science, 20(3):519--539, 1990.
[13]
Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin, and Gautam Nagesh Peri. Code injection attacks on html5-based mobile apps: Characterization, detection and mitigation. In Proccedings of 21th ACM Conference on Computer and Communications Security, CCS 2014. ACM, 2014.
[14]
Haoyu Li, Di Ma, Nitesh Saxena, Babins Shrestha, and Yan Zhu. Tap-Wave-Rub: Lightweight malware prevention for smartphones using intuitive human gestures. In Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2013. ACM, 2013.
[15]
Rene Mayrhofer and Hans Gellersen. Shake well before use: Authentication based on accelerometer data. In Pervasive Computing. Springer Berlin Heidelberg, 2007.
[16]
Maryam Mehrnezhad, Mohammed Ali, Feng Hao, and Aad van Moorsel. Nfc payment spy: Privacy attacks on contactless payments using NFC-enabled mobile. In Proccedings of Third International Conference on Research in Security Standardisation, SSR 2016. Springer International Publishing, 2016.
[17]
Maryam Mehrnezhad, Feng Hao, and Siamak Shahandashti. Tap-Tap and Pay (TTP): Preventing the mafia attack in NFC payment. In Proccedings of Second International Conference on Research in Security Standardisation, SSR 2015. Springer International Publishing, 2015.
[18]
Maryam Mehrnezhad, Ehsan Toreini, and Feng Shahandashti, Siamakand Hao. Stealing pins via mobile sensors: Actual risk versus user perception. In The 1st European Workshop on Usable Security, EuroUSEC 2016, 2016.
[19]
Maryam Mehrnezhad, Ehsan Toreini, Siamak Shahandashti, and Feng Hao. Touchsignatures: Identification of user touch actions based on mobile sensors via javascript. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2015. ACM, 2015.
[20]
Maryam Mehrnezhad, Ehsan Toreini, Siamak Shahandashti, and Feng Hao. Touchsignatures: Identification of user touch actions and PINs based on mobile sensor data via javascript. Journal of Information Security and Applications, 26:23--38, 2016.
[21]
Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao. Stealing pins via mobile sensors: actual risk versus user perception. International Journal of Information Security, pages 1--23, 2017.
[22]
BBC Newsbeat. The way people tilt their smartphone can give away passwords and pins, 2017. Available online at http://www.bbc.co.uk/newsbeat/article/39565372/the-way-people-tilt-their-smartphone-can-give-away-passwords-and-pins.
[23]
Eyal Ronen, Colin O'Flynn, Adi Shamir, and Achi-Or Weingarten. Iot goes nuclear: Creating a zigbee chain reaction. Cryptology ePrint Archive, Report 2016/1047, 2016. http://eprint.iacr.org/2016/1047.
[24]
Laurent Simon and Ross Anderson. PIN Skimmer: Inferring PINs through the camera and microphone. In Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones Mobile Devices, SPSM 2013, pages 67--78. ACM, 2013.
[25]
Sergio Sismondo. An introduction to science and technology studies, volume 1. Wiley-Blackwell Chichester, 2010.
[26]
Raphael Spreitzer. Pin skimming: Exploiting the ambient-light sensor in mobile devices. In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones Mobile Devices, SPSM 2014. ACM, 2014.
[27]
Vincent F. Taylor and Ivan Martinovic. A longitudinal study of app permission usage across the google play store. 2016. Technical report available at http://arxiv.org/abs/1606.01708.
[28]
Device and sensors working group, 2016. Available online at https://www.w3.org/2009/dap/.
[29]
W3C Working Draft Document on Device Orientation Event. Available at http://www.w3.org/TR/orientation-event/.
[30]
Brian Wynne. Misunderstood misunderstanding: Social identities and public uptake of science. Public understanding of science, 2016.
[31]
Zhi Xu, Kun Bai, and Sencun Zhu. Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2012. ACM, 2012.

Cited By

View all
  • (2024)Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone SensorsSoftware Engineering and Management: Theory and Application10.1007/978-3-031-55174-1_10(139-158)Online publication date: 3-May-2024
  • (2023)Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone Sensors2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)10.1109/SERA57763.2023.10197713(287-294)Online publication date: 23-May-2023
  • (2022)The Skewed Privacy Concerns of Bystanders in Smart EnvironmentsProceedings of the ACM on Human-Computer Interaction10.1145/35467196:MHCI(1-21)Online publication date: 20-Sep-2022

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
STAST '17: Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust
December 2018
95 pages
ISBN:9781450363570
DOI:10.1145/3167996
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 December 2018

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. mobile security awareness
  2. mobile sensors
  3. security education
  4. sensor attacks
  5. sensor security
  6. user privacy
  7. user security

Qualifiers

  • Research-article

Conference

STAST2017

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 26 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone SensorsSoftware Engineering and Management: Theory and Application10.1007/978-3-031-55174-1_10(139-158)Online publication date: 3-May-2024
  • (2023)Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone Sensors2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)10.1109/SERA57763.2023.10197713(287-294)Online publication date: 23-May-2023
  • (2022)The Skewed Privacy Concerns of Bystanders in Smart EnvironmentsProceedings of the ACM on Human-Computer Interaction10.1145/35467196:MHCI(1-21)Online publication date: 20-Sep-2022

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media