How Risky Are Real Users IFTTT Applets? Camille Cobb ( - - PowerPoint PPT Presentation

how risky are real users ifttt applets
SMART_READER_LITE
LIVE PREVIEW

How Risky Are Real Users IFTTT Applets? Camille Cobb ( - - PowerPoint PPT Presentation

May 26, 2023 226 likes •405 views

How Risky Are Real Users IFTTT Applets? Camille Cobb ( @camPossible) , Milijana Surbatovich, Anna Kawakami, Mahmood Sharif, Lujo Bauer, Anupam Das, Limin Jia Smart-home devices can lead to risks End-User Programming 2 Smart-home devices

slide-1
SLIDE 1

How Risky Are Real Users’ IFTTT Applets?

Camille Cobb ( @camPossible), Milijana Surbatovich, Anna Kawakami, Mahmood Sharif, Lujo Bauer, Anupam Das, Limin Jia

slide-2
SLIDE 2 2

Smart-home devices can lead to risks

End-User Programming

slide-3
SLIDE 3 3

Smart-home devices can lead to risks

slide-4
SLIDE 4

then

+

this

+

that

if

“trigger” “action”

4

“applet”

slide-5
SLIDE 5

[Surbatovich et al. 2017]

5

19,323 unique applets

SECRECY VIOLATION INTEGRITY VIOLATION

5

then if

post a message to Slack SmartThings sensor is closed

slide-6
SLIDE 6

[Surbatovich et al. 2017]

50% Safe 50% Violating

6

SECRECY VIOLATION INTEGRITY VIOLATION

6

then if

post a message to Slack SmartThings sensor is closed

slide-7
SLIDE 7 7

Moving from theory to practice

  • What fraction of users’

IFTTT applets are violating, in practice?

  • How much and what

types of harm are IFTTT users actually exposed to?

then if

post a message to Slack SmartThings sensor is closed Mailbox? Main entrance? Door to a safe? To coworkers? To my family? Just to me?

slide-8
SLIDE 8

“If front Door Sensor closed then post a message to a Slack service” [P28]

8

then if

post a message to Slack SmartThings sensor is closed Mailbox? Main entrance? Door to a safe? To coworkers? To my family? Just to me?

We collected 743 rules from 28 IFTTT users

slide-9
SLIDE 9

Evaluating participants’ rules:

41% Safe 59% Violating

9

automated analysis finds similar results

slide-10
SLIDE 10

Evaluating participants’ rules: considering context enables more accurate analysis

743 unique rules 41% Safe 59% Violating

10

Are any of these potentially harmful? Are all of these harmful?

No!

slide-11
SLIDE 11

Evaluating participants’ rules: considering context enables more accurate analysis

743 unique rules 41% Safe 59% Violating

11

Are any of these potentially harmful? Are all of these harmful?

No! then if

add a row to Google spreadsheet SmartThings sensor is closed

slide-12
SLIDE 12

Evaluating participants’ rules: considering context enables more accurate analysis

743 unique rules 41% Safe 59% Violating

12

Also safe

Are all of these harmful? Are any of these potentially harmful?

No!

  • nly ~14%

harmful (not 59%)

slide-13
SLIDE 13

Evaluating participants’ rules: considering context enables more accurate analysis

743 unique rules 41% Safe 59% Violating

13

Are all of these harmful? Are any of these potentially harmful?

No!

Also safe

Yes!

  • nly ~14%

harmful (not 59%)

slide-14
SLIDE 14

No!

Evaluating participants’ rules: considering context enables more accurate analysis

743 unique rules 41% Safe 59% Violating

14

Yes!

Are any of these potentially harmful?

Also safe

Are all of these harmful?

  • nly ~14%

harmful (not 59%)

then if

create journal entry Alice’s presence is detected

slide-15
SLIDE 15

Evaluating participants’ rules: considering context enables more accurate analysis

743 unique rules 41% Safe 59% Violating

15

Are any of these potentially harmful? Are all of these harmful?

No!

Also safe

20% surveillance risks for incidental users

  • nly ~14%

harmful (not 59%)

Yes!

slide-16
SLIDE 16

○ Many “violating” rules are not harmful ○ “Non-violating” rules could be harmful ○ More in the paper!

How Risky Are Real Users’ IFTTT Applets?

Camille Cobb ( @camPossible), Milijana Surbatovich, Anna Kawakami, Mahmood Sharif, Lujo Bauer, Anupam Das, Limin Jia

  • Real user data → New insights about risks & harms