Wearables Security and Privacy

Blasco, Jorge; Patil, Harsh Kupwade; Wolff, Daniel

doi:10.1007/978-3-319-92384-0_11

Cited by 3 publications

(3 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As the BLE traffic of fitness trackers seems to be correlated with the intensity of the user activity, the authors show that it becomes possible for a malicious listener to infer the user's activity, by analysing the BLE traffic analysis. They also present their findings regarding the possibility to A questionnaire where exploratory factor analysis is applied to investigate if there is a relationship between the intention of fitness tracker users to disclose personal data and to continue using the wearable device Users are more likely to continue using a fitness tracker if the anticipated benefits are surpassing their privacy concerns Third-party access to personal data, data used for other purposes than stated, devices collecting too much information, activity monitoring Fietkiewicz and Ilhan (2020) An online survey from EU and USA participants who are current, former or non-users of fitness tracking applications to determine their awareness of data collection and their privacy concerns Users who normally feel insecure about their online data privacy are also more likely to be concerned about the protection of the privacy of their data collected from fitness trackers Third-party access to personal data, profiling Zimmer et al (2020) A survey and semi-structured interviews with fitness trackers users to determine the pros and cons that users notice from their interaction with their devices Users have low levels of privacy concerns, they find that the benefits of using a fitness tracker exceed any disadvantages, they do not perceive data collected from fitness trackers as sensitive and they are not aware of possible privacy threats Third-party access to personal data, third parties can use my data against me The overlooked security and privacy challenges in wearables is the focus of the work by Blasco et al (2019), where the authors identify a number of inferences that can be extracted from sensors data. According to the authors, fitness trackers become an appealing source of interest for cybercriminals, whose attacks may gain access to users biometric data, enabling identity theft, location information which is a major privacy threat or accelerometer data that can be used to infer user activities.…”

Section: Related Workmentioning

confidence: 99%

Enhancing user awareness on inferences obtained from fitness trackers data

Kounoudes

Kapitsaki

Katakis

2023

User Model User-Adap Inter

View full text Add to dashboard Cite

In the IoT era, sensitive and non-sensitive data are recorded and transmitted to multiple service providers and IoT platforms, aiming to improve the quality of our lives through the provision of high-quality services. However, in some cases these data may become available to interested third parties, who can analyse them with the intention to derive further knowledge and generate new insights about the users, that they can ultimately use for their own benefit. This predicament raises a crucial issue regarding the privacy of the users and their awareness on how their personal data are shared and potentially used. The immense increase in fitness trackers use has further increased the amount of user data generated, processed and possibly shared or sold to third parties, enabling the extraction of further insights about the users. In this work, we investigate if the analysis and exploitation of the data collected by fitness trackers can lead to the extraction of inferences about the owners routines, health status or other sensitive information. Based on the results, we utilise the PrivacyEnhAction privacy tool, a web application we implemented in a previous work through which the users can analyse data collected from their IoT devices, to educate the users about the possible risks and to enable them to set their user privacy preferences on their fitness trackers accordingly, contributing to the personalisation of the provided services, in respect of their personal data.

show abstract

Section: Related Workmentioning

confidence: 99%

Enhancing user awareness on inferences obtained from fitness trackers data

Kounoudes

Kapitsaki

Katakis

2023

User Model User-Adap Inter

View full text Add to dashboard Cite

show abstract

“…In particular, these embedded systems are often programmed in unsafe language such as C/C++, rendering them susceptible to grave security threats such as code injection, buffer overflow, and memory leaks. In fact, it has been shown that various embedded systems have been compromised through these security vulnerabilities [ 5 , 6 , 7 , 8 ], which may lead to potentially fatal consequences. Due to a lack of architectural support, established security solutions for advanced computing systems such as PCs and smartphones are not directly transferable to embedded systems.…”

Section: Introductionmentioning

confidence: 99%

DEMIX: Domain-Enforced Memory Isolation for Embedded System

Kim

Larasati

Park

et al. 2023

Sensors

View full text Add to dashboard Cite

Memory isolation is an essential technology for safeguarding the resources of lightweight embedded systems. This technique isolates system resources by constraining the scope of the processor’s accessible memory into distinct units known as domains. Despite the security offered by this approach, the Memory Protection Unit (MPU), the most common memory isolation method provided in most lightweight systems, incurs overheads during domain switching due to the privilege level intervention. However, as IoT environments become increasingly interconnected and more resources become required for protection, the significant overhead associated with domain switching under this constraint is expected to be crucial, making it harder to operate with more granular domains. To mitigate these issues, we propose DEMIX, which supports efficient memory isolation for multiple domains. DEMIX comprises two mainelements—Domain-Enforced Memory Isolation and instruction-level domain isolation—with the primary idea of enabling granular access control for memory by validating the domain state of the processor and the executed instructions. By achieving fine-grained validation of memory regions, our technique safely extends the supported domain capabilities of existing technologies while eliminating the overhead associated with switching between domains. Our implementation of eight user domains shows that our approach yields a hardware overhead of a slight 8% in Ibex Core, a very lightweight RISC-V processor.

show abstract

“…For instance, network facilities for infrastructure have been repeatedly targeted for exploitation and abuse by attackers [21]. Additionally, the leakage of personal data stored in wearable devices could cause serious privacy problems [5].…”

Section: Introductionmentioning

confidence: 99%