Organizer: Prof. Marc Fischlin
IoT apps empower users by connecting a variety of otherwise unconnected services. Unfortunately, the power of IoT apps can be abused by malicious app makers, unnoticeably to users. We demonstrate that popular IoT app platforms are susceptible to several classes of attacks that violate user privacy, integrity, and availability. We estimate the impact of these attacks by an empirical study. We suggest short/medium-term countermeasures based on fine-grained access control and long-term countermeasures based on information flow tracking. We illustrate our findings on two types of IoT app platforms: user automation apps (as supported by IFTTT, Zapier, and Microsoft Flow) and in-vehicle apps (as supported by Android Automotive).
Andrei Sabelfeld is a Professor in the Department of Computer Science and Engineering at Chalmers University of Technology in Gothenburg, Sweden. Before joining Chalmers as faculty, he was a Research Associate at Cornell University in Ithaca, NY, USA. Andrei Sabelfeld's research ranges from foundations to practice of software security and privacy.
Today, he leads a team of researchers at Chalmers engaged in a number of internationally visible projects on software security, web security, IoT security, and location privacy.