@inproceedings{f259ce9c8deb4c858af439e52814d649,
title = "Leaking data from enterprise networks using a compromised smartwatch device",
abstract = "The recent proliferation of the Internet of Things (IoT) technology poses major security and privacy concerns. Specifically, the use of personal IoT devices, such as tablets, smartphones, and even smartwatches, as part of the Bring Your Own Device (BYOD) trend, may result in severe network security breaches in enterprise environments. Such devices increase the attack surface by weakening the digital perimeter of the enterprise network and opening new points of entry for malicious activities. In this paper we demonstrate a novel attack scenario in an enterprise environment by exploiting the smartwatch device of an innocent employee. The attack scenario establishes a rogue wireless access point using a malicious application running on a capable smartwatch device that imitates a real Wi-Fi direct printer service in the network. Using this scenario, supported by a practical proof of concept, we illustrate how an advanced attacker located outside of the organization can exploit the compromised smartwatch device of the victim user to intercept print jobs sent to a legitimate Wi-Fi direct printer deployed in the network in order to leak/steal sensitive data from the organization.",
keywords = "Data leakage, Enterprise networks, Internet of things, Rogue access point, Security, Smartwatch",
author = "Shachar Siboni and Asaf Shabtai and Yuval Elovici",
note = "Publisher Copyright: {\textcopyright} 2018 ACM.; 33rd Annual ACM Symposium on Applied Computing, SAC 2018 ; Conference date: 09-04-2018 Through 13-04-2018",
year = "2018",
month = apr,
day = "9",
doi = "10.1145/3167132.3167214",
language = "American English",
series = "Proceedings of the ACM Symposium on Applied Computing",
pages = "741--750",
booktitle = "Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC 2018",
}