50 research outputs found
Automating NFC Message Sending for Good and Evil
Near Field Communication (NFC) is an emerging proximity wireless technology used for triggering automatic interactions between mobile devices. In standard NFC usage, one message is sent per device contact, then the devices must be physically separated and brought together again. In this paper, we present a mechanism for automatically sending multiple messages without any need to physically decouple the devices. After an introduction to NFC and related security issues, we discuss the motivation for—and an implementation of—an automation framework for sending repeated NFC messages without any need for human interaction. Then we consider how such an automated mechanism can be used for both a denial of service attack and as a platform for fuzz testing. We present experimental evidence on the efficacy of automated NFC as a vector for achieving these goals. We conclude with suggestions for future work and provide some overall insights
A Completely Covert Audio Channel in Android
Exfilteration of private data is a potential security threat against mobile devices. Previous research concerning such threats has generally focused on techniques that are only valid over short distances (NFC, Bluetooth, electromagnetic emanations, and so on). In this research, we develop and analyze an exfilteration attack that has no distance limitation. Specifically, we take advantage of vulnerabilities in Android that enable us to covertly record and exfilterate a voice call. This paper presents a successful implementation of our attack, which records a call (both uplink and downlink voice streams), and inaudibly transmits the recorded voice over a subsequent inaudible call, without any visual or audio indication given to the victim. We provide a detailed analysis of our attack, and we suggest possible counter measures to thwart similar attacks
User-side wi-fi hotspot spoofing detection on android-based devices
A Dissertation Submitted in Partial Fulfilment of the Requirements for the Degree of Master’s in Wireless and Mobile Computing of the Nelson Mandela African Institution of Science and TechnologyNetwork spoofing is becoming a common attack in wireless networks. Similarly, there is a
rapid growth of numbers in mobile devices in the working environments. The trends pose a
huge threat to users since they become the prime target of attackers. More unfortunately,
mobile devices have weak security measures due to their limited computational powers,
making them an easy target for attackers. Current approaches to detect spoofing attacks focus
on personal computers and rely on the network hosts’ capacity, leaving users with mobile
devices at risk. Furthermore, some approaches on Android-based devices demand root
privilege, which is highly discouraged. This research aims to study users' susceptibility to
network spoofing attacks and propose a detection solution in Android-based devices. The
presented approach considers the difference in security information and signal levels of an
access point to determine its legitimacy. On the other hand, it tests the legitimacy of the captive
portal with fake login credentials since, usually, fake captive portals do not authenticate users.
The detection approaches are presented in three networks: (a) open networks, (b) closed
networks and (c) networks with captive portals. As a departure from existing works, this
solution does not require root access for detection, and it is developed for portability and better
performance. Experimental results show that this approach can detect fake access points with
an accuracy of 98% and 99% at an average of 24.64 and 7.78 milliseconds in open and closed
networks, respectively. On the other hand, it can detect the existence of a fake captive portal at
an accuracy of 88%. Despite achieving this performance, the presented detection approach does
not cover APs that do not mimic legitimate APs. As an improvement, future work may focus
on pcap files which is rich of information to be used in detection
pDroid
When an end user attempts to download an app on the Google Play Store they receive two related items that can be used to assess the potential threats of an application, the list of permissions used by the application and the textual description of the application. However, this raises several concerns. First, applications tend to use more permissions than they need and end users are not tech-savvy enough to fully understand the security risks. Therefore, it is challenging to assess the threats of an application fully by only seeing the permissions. On the other hand, most textual descriptions do not clearly define why they need a particular permission. These two issues conjoined make it difficult for end users to accurately assess the security threats of an application. This has lead to a demand for a framework that can accurately determine if a textual description adequately describes the actual behavior of an application. In this Master Thesis, we present pDroid (short for privateDroid), a market-independent framework that can compare an Android application’s textual description to its internal behavior. We evaluated pDroid using 1562 benign apps and 243 malware samples, and pDroid correctly classified 91.4% of malware with a false positive rate of 4.9%
Tradução e acessibilidade : relatório de estágio curricular na electrosertec
O presente relatório de estágio foi elaborado após a conclusão do estágio na empresa
Electrosertec e tem como objetivo a descrição e análise de questões de tradução que foram
surgindo ao longo do trabalho realizado. Os dois manuais em análise são o manual de
instruções do smartphone SmartVision2, intitulado SmartVision2 User Guide, e o guia
de acessibilidade em videojogos intitulado Includification: A Practical Guide to Game
Accessibility.
O objetivo principal do presente relatório é não só a análise de algumas questões de
tradução que foram surgindo ao longo do estágio, mas também trabalhar a importância
de escolhas de tradução para a tradução de manuais especificamente relacionados com a
acessibilidade na tecnologia. Acrescenta-se que a acessibilidade na área dos videojogos
Ă©, de momento, pouco explorada a nĂvel acadĂ©mico, apesar da sua relevância prática e
social.
O presente relatório está dividido em três partes, para além da introdução e considerações
finais. O CapĂtulo I consiste em noções de tradução, com maior foco na tradução tĂ©cnica,
e também se apresentam noções relacionadas com a problemática da tradução de
videojogos.
O CapĂtulo II contempla dois pontos introdutĂłrios sobre tradução e acessibilidade,
seguido da descrição geral de ambos os manuais traduzidos ao longo do estágio, incluindo
uma secção relativa à presença de elementos gráficos, imagens e diagramas no guia
Includification.
O CapĂtulo III diz respeito Ă s questões sintáticas, pragmáticas e terminolĂłgicas. Estas
reflexões linguĂsticas sĂŁo sempre acompanhadas por exemplos de ambos os manuais em
análise e das respetivas traduções.The current report was written after the conclusion of my curricular internship at
Electrosertec. Its main objective is to describe and analyse some translation issues
encountered during the internship. The two manuals in question are the user manual for
the smartphone SmartVision2, titled SmartVision2 User Guide, and the guide to game
accessibility titled Includification: A Practical Guide to Game Accessibility, both of
which are analysed in this report.
The main objective of the current report is not only to analyse some of the translation
issues encountered during my internship work, but also to underline the importance of
translation choices in manuals specifically related to accessibility in technology.
Furthermore, accessibility in videogames is, at the moment, not academically explored,
despite its practical and social relevance.
The current report is split into three parts, besides the introduction and final remarks.
Chapter I consists of translation notions, with particular focus on technical translation.
Some notions related to issues of videogame translation are also presented.
Chapter II consists of two introductory points about translation and accessibility, followed
by a general description of both manuals translated during the internship, including a
section related to the presence of graphical elements, images and graphs in the
Includification guide.
Finally, Chapter III focuses on syntax, pragmatics and terminological issues. These
linguistic reflections will be accompanied by examples from both manuals and their
respective translations
STATIC AND DYNAMIC ANALYSES FOR PROTECTING THE JAVA SOFTWARE EXECUTION ENVIRONMENT
In my thesis, I present three projects on which I have worked during my Ph.D. studies. All of them focus on software protection in the Java environment with static and dynamic techniques for control-flow and data-dependency analysis. More specifically, the first two works are dedicated to the problem of deserialization of untrusted data in Java. In the first, I present a defense system that was designed for protecting the Java Virtual Machine, along with the results that were obtained. In the second, I present a recent research project that aims at automatic generation of deserialization attacks, to help identifying them and increasing protection. The last discussed work concerns another branch of software protection: the authentication on short-distance channels (or the lack thereof) in Android APKs. In said work, I present a tool that was built for automatically identifying the presence of high-level authentication in Android apps. I thoroughly discuss experiments, limitations and future work for all three projects, concluding with general principles that bring these works together, and can be applied when facing related security issues in high-level software protection
Designing digital and physical interactions for the Digital Public Space
Over the course of the last decade there has been a perceivable shift in the way interactions occur with digital systems with a clear preference towards touchscreen based interactions. This move can be attributed in part to the Apple’s iPhone, first introduced in 2007, and whilst not the first touchscreen product, it was the first to lead to widespread adoption and use. This thesis seeks to develop new design interaction methods that recognise that we are moving away from a dominance of digital interactions with screens to one where interactions are supported by everyday things. These devices allow greater perspectives to be gained than when purely interacting by touchscreen. This is presented as an exploration of interaction methods surrounding intermediary objects that are both physical and digital in nature - phygital. Affordances are an important part of how people interact with devices in their everyday life; it is these affordances that let us understand how to use things around us. Affordances are also present in the digital world and are an important part of how the work presented in this thesis analysed the design of the phygital objects and interactions they enabled. This thesis draws on six case studies from a diverse range of projects undertaken as part of The Creative Exchange research project. Beginning with an exploration of current touchscreen interaction methods then moving towards identifying and suggesting new interaction models. Throughout this research, key ideas will be extracted, rationalised and presented individually for each Creative Exchange project, in such a way that allows conclusions to be drawn about physical and digital interactions in the Digital Public Space. Finally, this body of work concludes with a design manifesto which, provides a route away from strict screen interactions to one where more physical Natural User Interfaces that interact with the world. The manifesto will also serve prospective phygital interaction designers in the production of new interactions by identifying key findings such as matching affordances to the phygital objects
Demystifying Internet of Things Security
Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms
Selected tales from decentralized finance
Doutoramento em Sociologia EconĂłmicainfo:eu-repo/semantics/publishedVersio
Optimized Monitoring and Detection of Internet of Things resources-constraints Cyber Attacks
This research takes place in the context of the optimized monitoring and detec-
tion of Internet of Things (IoT) resource-constraints attacks. Meanwhile, the In-
ternet of Everything (IoE) concept is presented as a wider extension of IoT. How-
ever, the IoE realization meets critical challenges, including the limited network
coverage and the limited resources of existing network technologies and smart
devices. The IoT represents a network of embedded devices that are uniquely
identifiable and have embedded software required to communicate between the
transient states. The IoT enables a connection between billions of sensors, actu-
ators, and even human beings to the Internet, creating a wide range of services,
some of which are mission-critical. However, IoT networks are faulty; things
are resource-constrained in terms of energy and computational capabilities. For
IoT systems performing a critical mission, it is crucial to ensure connectivity,
availability, and device reliability, which requires proactive device state moni-
toring.
This dissertation presents an approach to optimize the monitoring and detection
of resource-constraints attacks in IoT and IoE smart devices. First, it has been
shown that smart devices suffer from resource-constraints problems; therefore,
using lightweight algorithms to detect and mitigate the resource-constraints at-
tack is essential. Practical analysis and monitoring of smart device resources’
are included and discussed to understand the behaviour of the devices before
and after attacking real smart devices. These analyses are straightforwardly
extended for building lightweight detection and mitigation techniques against
energy and memory attacks. Detection of energy consumption attacks based
on monitoring the package reception rate of smart devices is proposed to de-
tect energy attacks in smart devices effectively. The proposed lightweight algo-
rithm efficiently detects energy attacks for different protocols, e.g., TCP, UDP,
and MQTT. Moreover, analyzing memory usage attacks is also considered in
this thesis. Therefore, another lightweight algorithm is also built to detect the
memory-usage attack once it appears and stops. This algorithm considers mon-
itoring the memory usage of the smart devices when the smart devices are
Idle, Active, and Under attack. Based on the presented methods and monitoring
analysis, the problem of resource-constraint attacks in IoT systems is systemat-
ically eliminated by parameterizing the lightweight algorithms to adapt to the
resource-constraint problems of the smart devices