Leaking data from enterprise networks using a compromised smartwatch device

Shachar Siboni, Asaf Shabtai, Yuval Elovici

Proceedings of the 33rd Annual ACM Symposium on Applied Computing, 741-750, 2018

The recent proliferation of the Internet of Things (IoT) technology poses major security and privacy concerns. Specifically, the use of personal IoT devices, such as tablets, smartphones, and even smartwatches, as part of the Bring Your Own Device (BYOD) trend, may result in severe network security breaches in enterprise environments. Such devices increase the attack surface by weakening the digital perimeter of the enterprise network and opening new points of entry for malicious activities. In this paper we demonstrate a novel attack scenario in an enterprise environment by exploiting the smartwatch device of an innocent employee. The attack scenario establishes a rogue wireless access point using a malicious application running on a capable smartwatch device that imitates a real Wi-Fi direct printer service in the network. Using this scenario, supported by a practical proof of concept, we illustrate how an …