Psychological Cyber Attacks

We studied two psychological principles in cyber security contexts.

In daily life, we complete many tasks without paying much attention or thinking actively. We tend to be in this automatic cognitive state, which is known as mindlessness. Mindlessness can occur in interpersonal communication and even when people interact with computers. We identify that mindlessness may be exploited as an attack. A website, for example, may exploit mindless behavior to acquire personal identity information. Our experiments and study show that mindless behavior has a great impact.

The unprecedented level of interaction between users and intelligent environments poses unparalleled cyber privacy challenges. We identify a new attack that uses reciprocity norms. By mutually exchanging information with users, an attacker may use the norm of reciprocity to acquire users’ private information. Our experiments showed that participants were much more willing to provide some types of private information under reciprocity attacks.

Thus, human factors should be taken into consideration when designing security measures to protect people’s privacy.

Relevant Publication(s)

1. Feng Zhu, Sandra Carpenter, Swapna Kolimi, “Mindlessness Attacks,” 6th International Conference on Applied Human Factors and Ergonomics, Las Vegas, NV, 2015.

2. Feng Zhu, Sandra Carpenter, Ajinkya Kulkarni, Swapna Kolimi, “Reciprocity Attacks,” Symposium On Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, 2011.