
    On the road with third-party apps: Security analysis of an in-vehicle app platform

    Digitalization has revolutionized the automotive industry. Modern cars are equipped with powerful Internet-connected infotainment systems, comparable to tablets and smartphones. Recently, several car manufacturers have announced the upcoming possibility to install third-party apps onto these infotainment systems. The prospect of running third-party code on a device that is integrated into a safety-critical in-vehicle system raises serious concerns for safety, security, and user privacy. This paper investigates these concerns of in-vehicle apps. We focus on apps for the Android Automotive operating system, which several car manufacturers have opted to use. While the architecture inherits much from regular Android, we scrutinize the adequateness of its security mechanisms with respect to the in-vehicle setting, particularly affecting road safety and user privacy. We investigate the attack surface and vulnerabilities for third-party in-vehicle apps. We analyze and suggest enhancements to such traditional Android mechanisms as app permissions and API control. Further, we investigate operating system support and how static and dynamic analysis can aid automatic vetting of in-vehicle apps. We develop AutoTame, a tool for vehicle-specific code analysis. We report on a case study of the countermeasures with a Spotify app using emulators and physical test beds from Volvo Cars.

    Smartphone: The Ultimate IoT and IoE Device

    Internet of Things (IoT) and Internet of Everything (IoE) are emerging communication concepts that will interconnect a variety of devices (including smartphones, home appliances, sensors, and other network devices), people, data, and processes and allow them to communicate with each other seamlessly. These new concepts can be applied in many application domains such as healthcare, transportation, and supply chain management (SCM), to name a few, and allow users to get real-time information such as location-based services, disease management, and tracking. The smartphone-enabling technologies such as built-in sensors, Bluetooth, radio-frequency identification (RFID) tracking, and near-field communication (NFC) allow it to be an integral part of the IoT and IoE world and the most used device in these environments. However, its use imposes severe security and privacy threats, because the smartphone usually contains and communicates sensitive private data. In this chapter, we provide a comprehensive survey on IoT and IoE technologies, their application domains, IoT structure and architecture, the use of smartphones in IoT and IoE, and the difference between IoT networks and mobile cellular networks. We also provide a concise overview of future opportunities and challenges in IoT and IoE environments and focus more on the security and privacy threats of using the smartphone in IoT and IoE networks with a suggestion of some countermeasures.

    Socio-technical analysis and design of digital workplaces to foster employee health

    Recent socio-technical developments caused by ongoing digitalization (e.g., robotic process automation, artificial intelligence, anthropomorphic systems) or the COVID-19 pandemic (e.g., an increasing number of remote-working employees and hence an increasing amount of virtual collaboration) change the work environment and culture. Digital and smart workplace technologies facilitate business processes and provide tools for efficient communication and (virtual) collaboration, “increasing the productivity of the workforce in the information age” (Attaran et al. 2019, p. 1). Especially in times of the COVID-19 pandemic, digital technologies play a crucial role in keeping us socially close, connected, and collaborative while increasing the physical distance between humans. However, this development affects the health of employees (Tarafdar et al. 2013). In research, for example, it has long been known that the increased usage of digital technologies and media (DTM) may cause stress, leading to potentially harmful reactions in individuals. Research refers to this specific form of stress as technostress (Ayyagari et al. 2011; Tarafdar et al. 2007; Tarafdar et al. 2011; Tarafdar et al. 2019), which is an umbrella term for causes, negative organizational outcomes, and negative humanistic outcomes resulting from the use of DTM at work. The simultaneous consideration of humanistic (e.g., well-being, equality) and organizational outcomes (e.g., efficiency, productivity) is an integral part of a socio-technical system (Beath et al. 2013; Mumford 2006), which is at the core of the IS discipline (Bostrom et al. 2009; Chiasson and Davidson 2005). However, a review by Sarker et al. (2019) of published research articles in one of the top journals within the IS community revealed that most reviewed studies (91%) had focused exclusively on instrumental goals.
    They conclude that “many IS researchers have forgotten or ignored the premise that technologies need to benefit humankind overall (Majchrzak et al. 2016), not just their economic condition” (Sarker et al. 2019, p. 705). This is especially relevant as humanistic outcomes can lead to even more positive instrumental outcomes. Hence, Sarker et al. (2019) call for focusing on the connection between humanistic and instrumental outcomes, enabling a positive synergy resulting from this interplay. For this reason, this dissertation adopts a socio-technical perspective. It aims to conduct research that links instrumental outcomes with humanistic objectives to ultimately achieve a healthier use of DTMs at the digital workplace. It is important to note that the socio-technical perspective considers both the technical component and the social component, privileging neither one of them, and sees outcomes as resulting from the reciprocal interaction between those two. Therefore, the dissertation focuses on the interaction while applying pluralistic methodological approaches from qualitative (e.g., semi-structured interviews, focus group discussions) and quantitative research (e.g., data collection from a field study or survey research). It provides a theoretical contribution applying both behavioral research (i.e., analysis of cause-and-effect relationships) and design-oriented research (i.e., instructions for designing socio-technical information systems). Overall, this work addresses four different areas within the reciprocal interaction between the social and technical components: the role of the technical component, the role of the social component, DTMs fostering a fit between the technical and social components, and the imminent misfit between these two due to ongoing digitalization. First, to contribute to an understanding of the technical component’s role, this thesis presents new knowledge on the characteristics and features of DTM and their influence on employee health and productivity.
    Research on the design of digital workplaces has examined different design approaches, in which information exchange and sharing documents or project support were regarded (Williams and Schubert 2018). However, the characteristics of DTM also play an essential role in the emergence of technostress (Dardas and Ahmad 2015). This thesis presents ten characteristics of DTM that affect technostress at an individual’s workplace, including a measurement scale and an analysis of how these characteristics affect technostress. Besides, the provision of functional features by DTMs can affect instrumental outcomes or humanistic objectives. For example, affording users certain kinds of autonomy regarding the configuration of DTM while they work towards their goals could have a tremendous effect on pursuing goals and well-being (Patall et al. 2008; Ryan and Deci 2000). Therefore, this thesis presents knowledge regarding the design of DTM on the benefits of affording users autonomy. Furthermore, it shows that merely affording more autonomy can have positive effects above and beyond the positive effects of the actualization of the affordance. Second, to contribute to an understanding of the social component’s role, this thesis presents new knowledge on contextual and individual factors of social circumstances and their influence on employee health and productivity. In this context, the influence of the COVID-19 pandemic on the intensity of technostress among employees is considered, as work became more digital almost overnight. Therefore, this thesis provides empirical insights into digital work and its context in times of the COVID-19 pandemic and its effect on employees’ well-being, health, and productivity. Furthermore, measures to steer the identified effects if the situation in the course of the COVID-19 pandemic persists or comparable disruptive situations re-occur are discussed.
    On the other hand, this research takes a closer look at the effect of individual preferences regarding coping styles in dealing with upcoming technostress. A distinction is made between the effects of two different coping styles, namely active-functional and dysfunctional, on strain as a humanistic outcome and productivity as an instrumental outcome. In the course of this, evidence is provided that coping moderates the relationship between the misfit within the socio-technical system and strain, as proposed by the psychological job demands-resources model (Demerouti et al. 2001). Third, to contribute to a successful fit between the technical and social components, this thesis presents frameworks and guidelines on the design of DTM that understand the social component (here the user and her/his environment) and adjust accordingly to the needs of their users. Therefore, the thesis provides knowledge on the design of DTMs that support users in applying stress management techniques and build the foundation for stress-sensitive systems (i.e., systems that aim to mitigate stress by applying intervention measures on the social and technical component (Adam et al. 2017)). Specifically, a framework for collecting and storing data (e.g., on the user and her/his environment) is developed and experiences with implementing a prototype for life-integrated stress assessment are reported. The experiences from this and the existing knowledge in the literature are finally aggregated into a mid-range design theory for mobile stress assessment. To contribute to the fourth and last aspect, the imminent misfit within the socio-technical system due to ongoing digitalization, this thesis presents new knowledge regarding digital work demands that potentially affect both employees’ health and instrumental outcomes. The current version of technostress’s theoretical foundation was introduced more than ten years ago by Tarafdar et al. (2007).
    However, the interaction with and use of DTM has considerably changed along with societal and individual expectations. Therefore, this thesis puts the current concept of technostress to the test. As a result, a new theory of digital stress, as an extension of the concept of technostress, is proposed with twelve dimensions, instead of the five dimensions within the concept of Tarafdar et al. (2007), that can be hierarchically structured into four higher-order factors. This theory holistically addresses the current challenges that employees face as a result of digitalization. To sum up, this dissertation contributes to the IS community’s knowledge base by providing knowledge regarding the interaction between employees and their digital workplace to foster the achievement of humanistic and instrumental outcomes. It provides both behavioral research and design-oriented research while using pluralistic methodological approaches. For this purpose, this thesis presents knowledge about the different components within the socio-technical system, design knowledge on DTMs fostering the fit between these components, and an understanding of an upcoming misfit due to the ongoing digitalization. Overall, this research aims to support the successful change towards a healthy digital workplace in the face of digitalization.

    The Internet of Things Will Thrive by 2025

    This report is the latest research report in a sustained effort throughout 2014 by the Pew Research Center Internet Project to mark the 25th anniversary of the creation of the World Wide Web by Sir Tim Berners-Lee. This current report is an analysis of opinions about the likely expansion of the Internet of Things (sometimes called the Cloud of Things), a catchall phrase for the array of devices, appliances, vehicles, wearable material, and sensor-laden parts of the environment that connect to each other and feed data back and forth. It covers the over 1,600 responses that were offered specifically about our question about where the Internet of Things would stand by the year 2025. The report is the next in a series of eight Pew Research and Elon University analyses to be issued this year in which experts will share their expectations about the future of such things as privacy, cybersecurity, and net neutrality. It includes some of the best and most provocative of the predictions survey respondents made when specifically asked to share their views about the evolution of embedded and wearable computing and the Internet of Things.

    Security Analysis of Web and Embedded Applications

    As we put more trust in the computer systems we use, the need for security is increasing. And while security features like HTTPS are becoming commonplace on the web, securing applications remains difficult. This thesis focuses on analyzing different computer ecosystems to detect vulnerabilities and develop countermeasures. This includes web browsers, web applications, and cyber-physical systems such as Android Automotive. For web browsers, we analyze how new security features might solve a problem but introduce new ones. We show this by performing a systematic analysis of the new Content Security Policy (CSP) directive navigate-to. In our research, we find that it does introduce new vulnerabilities, to which we recommend countermeasures. We also create AutoNav, a tool capable of automatically suggesting navigation policies for this directive. To improve the security of web applications, we develop a novel black-box method by combining the strengths of different black-box methods. We implement this in our scanner Black Widow, which we compare with other leading web application scanners. Black Widow both improves the coverage of the web application and finds more vulnerabilities, including ones in PrestaShop, WordPress, and HotCRP. For embedded systems, we analyze the new attack vectors introduced by combining a phone OS with vehicle APIs and find new attacks pertaining to safety, privacy, and availability. Furthermore, we create AutoTame, which is designed to analyze third-party apps for vehicles for the vulnerabilities we found.

    Minds Online: The Interface between Web Science, Cognitive Science, and the Philosophy of Mind

    Alongside existing research into the social, political and economic impacts of the Web, there is a need to study the Web from a cognitive and epistemic perspective. This is particularly so as new and emerging technologies alter the nature of our interactive engagements with the Web, transforming the extent to which our thoughts and actions are shaped by the online environment. Situated and ecological approaches to cognition are relevant to understanding the cognitive significance of the Web because of the emphasis they place on forces and factors that reside at the level of agent–world interactions. In particular, by adopting a situated or ecological approach to cognition, we are able to assess the significance of the Web from the perspective of research into embodied, extended, embedded, social and collective cognition. The results of this analysis help to reshape the interdisciplinary configuration of Web Science, expanding its theoretical and empirical remit to include the disciplines of both cognitive science and the philosophy of mind.

    Towards Modular and Flexible Access Control on Smart Mobile Devices

    Smart mobile devices, such as smartphones and tablets, have become an integral part of our daily personal and professional lives. These devices are connected to a wide variety of Internet services and host a vast amount of applications, which access, store and process security- and privacy-sensitive data. A rich set of sensors, ranging from microphones and cameras to location and acceleration sensors, allows these applications and their back end services to reason about user behavior. Further, enterprise administrators integrate smart mobile devices into their IT infrastructures to enable comfortable work on the go. Unsurprisingly, this abundance of available high-quality information has made smart mobile devices an interesting target for attackers, and the number of malicious and privacy-intrusive applications has steadily been rising. Detection and mitigation of such malicious behavior are in focus of mobile security research today. In particular, the Android operating system has received special attention by both academia and industry due to its popularity and open-source character. Related work has scrutinized its security architecture, analyzed attack vectors and vulnerabilities and proposed a wide variety of security extensions. While these extensions have diverse goals, many of them constitute modifications of the Android operating system and extend its default permission-based access control model. However, they are not generic and only address specific security and privacy concerns. The goal of this dissertation is to provide generic and extensible system-centric access control architectures, which can serve as a solid foundation for the instantiation of use-case specific security extensions. In doing so, we enable security researchers, enterprise administrators and end users to design, deploy and distribute security extensions without further modification of the underlying operating system. 
To achieve this goal, we first analyze the mobile device ecosystem and discuss how Android's security architecture aims to address its inherent threats. We proceed to survey related work on Android security, focusing on system-centric security extensions, and derive a set of generic requirements for extensible access control architectures targeting smart mobile devices. We then present two extensible access control architectures, which address these requirements by providing policy-based and programmable interfaces for the instantiation of use-case-specific security solutions. By implementing a set of practical use cases, ranging from context-aware access control and dynamic application behavior analysis to isolation of security domains, we demonstrate the advantages of system-centric access control architectures over application-layer approaches. Finally, we conclude this dissertation by discussing an alternative approach, which is based on application-layer deputies and can be deployed whenever practical limitations prohibit the deployment of system-centric solutions.

    Analyzing & designing the security of shared resources on smartphone operating systems

    Smartphone penetration surpassed 80% in the US and nears 70% in Western Europe. In fact, smartphones became the de facto devices users leverage to manage personal information and access external data and other connected devices on a daily basis. To support such multi-faceted functionality, smartphones are designed with a multi-process architecture, which enables third-party developers to build smartphone applications which can utilize smartphone internal and external resources to offer creative utility to users. Unfortunately, such third-party programs can exploit security inefficiencies in smartphone operating systems to gain unauthorized access to available resources, compromising the confidentiality of rich, highly sensitive user data. The smartphone ecosystem is designed such that users can readily install and replace applications on their smartphones. This facilitates users’ efforts in customizing the capabilities of their smartphones tailored to their needs. Statistics report an increasing number of available smartphone applications: in 2017 there were approximately 3.5 million third-party apps on the official application store of the most popular smartphone platform. In addition, we expect users to have approximately 95 such applications installed on their smartphones at any given point. However, mobile apps are developed by untrusted sources. On Android, which enjoys 80% of the smartphone OS market share, application developers are identified based on self-signed certificates. Thus there is no good way of holding a developer accountable for malicious behavior. This creates an issue of multi-tenancy on smartphones, where principals from diverse untrusted sources share internal and external smartphone resources. Smartphone OSs rely on traditional operating system process isolation strategies to confine untrusted third-party applications.
However, this approach is insufficient because incidental, seemingly harmless resources can be utilized by untrusted tenants as side channels to bypass the process boundaries. Smartphones also introduced a permission model to allow their users to govern third-party application access to system resources (such as camera, microphone and location functionality). However, this permission model is coarse-grained and does not distinguish whether a permission has been declared by a trusted or an untrusted principal. This allows malicious applications to perform privilege escalation attacks on the mobile platform. To make things worse, applications might include third-party libraries, for advertising or common recognition tasks. Such libraries share the process address space with their host apps and as such inherit all the privileges the host app has. Identifying and mitigating these problems on smartphones is not a trivial process. Manual analysis of all mobile apps is cumbersome and impractical, code analysis techniques suffer from scalability and coverage issues, ad-hoc approaches are impractical and susceptible to mistakes, while sometimes vulnerabilities are well hidden at the interplay between smartphone tenants and resources. In this work I follow an analytical approach to discover major security and privacy issues on smartphone platforms. I utilize the Android OS as a use case, because of its open-source nature but also its popularity. In particular I focus on the multi-tenancy characteristic of smartphones and identify the resources each tenant within a process, across processes and across devices can access. I design analytical tools to automate the discovery process, attacks to better understand the adversary models, and introduce design changes to the participating systems to enable robust fine-grained access control of resources.
My approach revealed a new understanding of the threats introduced by third-party libraries within an application process; it revealed new capabilities of the mobile application adversary exploiting shared filesystem and permission resources; and it shows how a mobile app adversary can exploit shared communication media to compromise the confidentiality of the data collected by external devices (e.g., fitness and medical accessories, NFC tags, etc.). Moreover, I show how we can eradicate these problems following an architectural design approach to introduce backward-compatible, effective and efficient modifications in operating systems to achieve fine-grained application access to shared resources. My work has led to security changes in the official release of Android by Google.

    Retrofitting privacy controls to stock Android

    Android is the most popular operating system for mobile devices, making it a prime target for attackers. To counter these, Android’s security concept uses app isolation and access control to critical system resources. However, Android gives users only limited options to restrict app permissions according to their privacy preferences but instead lets developers dictate the permissions users must grant. Moreover, Android’s security model is not designed to be customizable by third-party developers, forcing users to rely on device manufacturers to address their privacy concerns. This thesis presents a line of work that retrofits comprehensive privacy controls to the Android OS to put the user back in charge of their device. It focuses on developing techniques that can be deployed to stock Android devices without firmware modifications or root privileges. The first part of this dissertation establishes fundamental policy enforcement on third-party apps using inlined reference monitors to enhance Android’s permission system. This approach is then refined by introducing a novel technique for dynamic method hook injection on Android’s Java VM. Finally, we present a system that leverages process-based privilege separation to provide a virtualized application environment that supports the enforcement of complex security policies. A systematic evaluation of our approach demonstrates its practical applicability, and over one million downloads of our solution confirm user demand for privacy-enhancing tools.
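    The two abstracts above ("Analyzing & designing the security of shared resources on smartphone operating systems" and "Retrofitting privacy controls to stock Android") describe the same mechanism from two sides: a bundled third-party library inherits every permission of its host app because it shares the process, and an inlined reference monitor (a policy hook injected around a sensitive method at run time) is one way to make the decision per calling principal instead of per process. The block below is an added illustration of that pattern in Python, not code from either dissertation or from Android; the LocationService stand-in, the resource name "location", the module names host_app, ad_sdk and unknown_lib, and the policy table are assumptions chosen for the example.

```python
"""Inlined reference monitor (IRM) around a sensitive API: an added
illustration, not code from either dissertation or from Android. The
LocationService stand-in, the resource name "location", the module names
host_app / ad_sdk / unknown_lib and the policy table are assumptions."""
import sys
import types
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Location:
    lat: float
    lon: float


class LocationService:
    """Stand-in for a privileged platform API (assumed, not Android's)."""

    def get_last_known(self) -> Location:
        return Location(52.5200, 13.4050)  # constructed sample fix


# Verdicts: FAKE keeps the caller working while hiding the real value.
ALLOW, DENY, FAKE = "allow", "deny", "fake"
FAKE_LOCATION = Location(0.0, 0.0)

# Policy keyed by (calling principal, resource). The principal is the module
# that issued the call, so a bundled library is a different principal from
# the host app even though both share one process and one permission set.
Policy = Dict[Tuple[str, str], str]


def caller_principal(depth: int) -> str:
    """Module name of the frame `depth` levels above this function.
    Advisory only: code sharing the address space can route its call
    through another module, so this is a privacy control, not isolation."""
    return sys._getframe(depth).f_globals.get("__name__", "<unknown>")


def install_hook(cls, method_name: str, resource: str, policy: Policy,
                 fake_value, audit: List[Tuple[str, str, str]]) -> Callable:
    """Replace cls.method_name with a monitored version at run time (the
    'dynamic method hook injection' idea: the app is not recompiled).
    Returns the original method so the hook can be removed again."""
    original = getattr(cls, method_name)

    def monitored(self, *args, **kwargs):
        # frame 0 = caller_principal, 1 = monitored, 2 = the app/library code
        principal = caller_principal(depth=2)
        verdict = policy.get((principal, resource), DENY)  # default deny
        audit.append((principal, resource, verdict))
        if verdict == ALLOW:
            return original(self, *args, **kwargs)
        if verdict == FAKE:
            return fake_value
        raise PermissionError(f"{principal} may not access {resource}")

    setattr(cls, method_name, monitored)
    return original


def make_module(name: str, source: str) -> types.ModuleType:
    """Build a module from source so each tenant gets its own __name__
    (constructed stand-ins for a host app and a library it bundles)."""
    mod = types.ModuleType(name)
    exec(source, mod.__dict__)
    return mod


APP_SRC = "def where_am_i(svc):\n    return svc.get_last_known()\n"
LIB_SRC = "def targeted_ad(svc):\n    return svc.get_last_known()\n"


def run_demo() -> Dict[str, object]:
    """Host app is allowed, the bundled ad SDK gets fake data, an unknown
    library is denied; all three calls run under the same process permission."""
    policy: Policy = {("host_app", "location"): ALLOW,
                      ("ad_sdk", "location"): FAKE}
    audit: List[Tuple[str, str, str]] = []
    host = make_module("host_app", APP_SRC)
    ads = make_module("ad_sdk", LIB_SRC)
    stranger = make_module("unknown_lib", LIB_SRC)
    svc = LocationService()
    original = install_hook(LocationService, "get_last_known", "location",
                            policy, FAKE_LOCATION, audit)
    try:
        host_loc = host.where_am_i(svc)
        ad_loc = ads.targeted_ad(svc)
        try:
            stranger.targeted_ad(svc)
            unknown = "allowed"
        except PermissionError:
            unknown = "denied"
    finally:
        LocationService.get_last_known = original  # uninstall the hook
    return {"host": host_loc, "ad_sdk": ad_loc, "unknown": unknown,
            "audit": audit}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

    The caveat is in `caller_principal`: because the monitor lives in the same address space as the code it governs, a library can defeat caller attribution by calling through host-app code or by reaching the unhooked method another way, which is why this kind of hook is a privacy control for cooperative apps rather than a security boundary against a malicious tenant. That limitation is the motivation the second abstract gives for moving from inlined monitors to process-based privilege separation.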