DOI: 10.1145/3038912.3052709
research-article

Some Recipes Can Do More Than Spoil Your Appetite: Analyzing the Security and Privacy Risks of IFTTT Recipes

Published: 03 April 2017

ABSTRACT

The use of end-user programming, such as if-this-then-that (IFTTT), is becoming increasingly common. Services like IFTTT allow users to easily create new functionality by connecting arbitrary Internet-of-Things (IoT) devices and online services using simple if-then rules, commonly known as recipes. However, such convenience at times comes at the cost of security and privacy risks for end users. To gain an in-depth understanding of the potential security and privacy risks, we build an information-flow model to analyze how often IFTTT recipes involve potential integrity or secrecy violations. Our analysis finds that around 50% of the 19,323 unique recipes we examined are potentially unsafe, as they contain a secrecy violation, an integrity violation, or both. We next categorize the types of harm that these potentially unsafe recipes can cause to users. After manually examining a random selection of potentially unsafe recipes, we find that recipes can not only lead to harms such as personal embarrassment but can also be exploited by an attacker, e.g., to distribute malware or carry out denial-of-service attacks. The use of IoT devices and services like IFTTT is expected only to grow in the near future; our analysis suggests users need to be both informed about and protected from these emerging threats to which they could be unwittingly exposing themselves.


      • Published in

        WWW '17: Proceedings of the 26th International Conference on World Wide Web
        April 2017
        1678 pages
        ISBN:9781450349130

        Copyright © 2017 Copyright is held by the International World Wide Web Conference Committee (IW3C2).

        Publisher

        International World Wide Web Conferences Steering Committee

        Republic and Canton of Geneva, Switzerland


        Acceptance Rates

        WWW '17 Paper Acceptance Rate: 164 of 966 submissions, 17%. Overall Acceptance Rate: 1,899 of 8,196 submissions, 23%.
