Wrist-Mounted Warning System Helps Wearers Identify Cyber Threats
Think back to a time you stood next to someone when you were abruptly shocked or scared by a sudden occurrence in your environment. How did you communicate that emotion to your companion? If you’re like most, perhaps your first instinct was to grab and squeeze their wrist, signaling the urgency of the warning and the need for them to take some preventative action.
That’s a psychological predisposition that has been examined in the past and the basis for a new approach to cybersecurity developed by researchers at Georgia Tech. Aiming to bring the intangible threats of the cyber world into the real world using a more visceral mode of communication, researchers have developed Spidey Sense, a wrist-mounted haptic device intended for use with smartwatches.
Spidey Sense, which uses various programmable patterns of squeezing sensations to alert users to urgent cybersecurity warnings, has shown to be more effective at communicating often obscure or hard-to-understand threats and could lead to more secure behavior by wearers.
“Unlike threats in the physical world, cyber threats are communicated rationally but not viscerally,” said Youngwook Do, a Ph.D. student in Georgia Tech’s School of Interactive Computing. “People might be able to see that they are navigating a website with an expired SSL certificate the way they might see a red light on a pedestrian crossing, but they may not feel that they shouldn’t proceed to that website the way they would if a friend grabbed their wrist before they attempted to jaywalk.”
Currently, the most common mode of communication of cyber threats is a popup on the computer with a description of the threat that, more often than not, is difficult for the reader to distinguish the warning from other visual information. As a lot of information is communicated through a screen, these warnings tend to fade into the background with the multitude of other similar notifications.
What is needed, Do said, is a mechanism of delivering cybersecurity warnings that bridge the gap between the presence of a cyber threat and the physical perception of that threat while differentiating the communication channel.
Spidey Sense achieves this by taking advantage of an existing wearable – the smartwatch wristband. Building on the foundational knowledge about human instinct to communicate fear or surprise through grabbing the wrist, the team thought this would be an appropriate parallel to use in the cyber world. By connecting the smartwatch to other devices, like a phone or tablet or computer, the haptic feature on the wristband would then be able to communicate to the wearer potential urgent threats they were encountering as they explored the internet.
“On a web browser, we receive so much different information that is delivered to us visually that we often disregard an important security warning,” Do said. “On smartphones, we receive notifications for any messages, news alerts, sports scores. Since all are communicated through a popup on a screen, a chiming sound, or vibrotactile feedback, we may ignore something in there that could be particularly important. We found that squeeze haptics can help improve a user’s ability to distinguish between the two.”
Currently, Spidey Sense is solely a tool for communication, but Do suggested that future work could build on this by exploring modes of detecting security threats, as well.
“Our ultimate goal is to be able to detect and communicate effectively the cyber threats people encounter occasionally,” Do said. “The challenge is having enough data, which we don’t have yet.”
This work is part of a broader effort to create more usable cybersecurity capabilities. It was presented in a paper titled Spidey Sense: Designing Wrist-Mounted Affective Haptics for Communicating Cybersecurity Warnings. In addition to Do, the team includes Linh Thai Hoang, Jung Wook Park, Gregory Abowd, and Sauvik Das.