Multi-Platform Application Interaction Extraction for IoT Devices

IoT devices used in smart homes have become a fundamental part of modern society. Such devices make our living spaces more convenient. They enable human interaction with the physical environment, but interactions through that environment also occur between applications and third-party rules, causing unexpected automation and even safety concerns. Worse, attackers can leverage stealthy physical interactions to launch attacks against IoT systems or compromise user privacy. In this paper, we propose a tool called IoTIE that discovers possible physical interactions and extracts all potential interactions across applications and rules in the IoT environment. We present a comprehensive system evaluation on the Samsung SmartThings and IFTTT platforms. We study 187 official SmartThings applications and 98 IFTTT rules, and find that they can form 231 hidden inter-app interactions through physical environments. In particular, our experiment reveals that 74 interactions are highly risky and could potentially be exploited to impact the security and safety of the IoT environment.
