Abusability of Automation Apps in Intimate Partner Violence
Shirley Zhang
34th USENIX Security Symposium (USENIX Security '25) · Day 1 · Social Issues and Usable Security and Privacy
This talk, presented by Shirley Zhang at USENIX Security, unveils a critical and often overlooked vector for intimate partner violence (IPV): the weaponization of readily available mobile automation applications. While much research in tech-enabled abuse focuses on overt spyware, this work highlights how powerful, built-in, or easily downloadable apps like iOS Shortcuts, Android Tasker, IFTTT, and Samsung Bixby Routines can be silently reconfigured by abusers to conduct surveillance, impersonation, overloading, and local control attacks against victims. The presentation details the extensive capabilities of these apps, the specific attack patterns they enable, and introduces a novel detection pipeline utilizing large language models (LLMs) to identify malicious automation "recipes" within public repositories.
AI review
Sharp, original work that exposes a genuinely underexplored abuse vector hiding in plain sight. The threat model is tight, the taxonomy is useful, and the LLM-based detection pipeline is a real contribution — not a buzzword garnish. This is the kind of research that makes a vendor's security team quietly update a roadmap item after the conference.