50 research outputs found

    Automating NFC Message Sending for Good and Evil

    Get PDF
    Near Field Communication (NFC) is an emerging proximity wireless technology used for triggering automatic interactions between mobile devices. In standard NFC usage, one message is sent per device contact, then the devices must be physically separated and brought together again. In this paper, we present a mechanism for automatically sending multiple messages without any need to physically decouple the devices. After an introduction to NFC and related security issues, we discuss the motivation for—and an implementation of—an automation framework for sending repeated NFC messages without any need for human interaction. Then we consider how such an automated mechanism can be used for both a denial of service attack and as a platform for fuzz testing. We present experimental evidence on the efficacy of automated NFC as a vector for achieving these goals. We conclude with suggestions for future work and provide some overall insights

    A Completely Covert Audio Channel in Android

    Get PDF
    Exfilteration of private data is a potential security threat against mobile devices. Previous research concerning such threats has generally focused on techniques that are only valid over short distances (NFC, Bluetooth, electromagnetic emanations, and so on). In this research, we develop and analyze an exfilteration attack that has no distance limitation. Specifically, we take advantage of vulnerabilities in Android that enable us to covertly record and exfilterate a voice call. This paper presents a successful implementation of our attack, which records a call (both uplink and downlink voice streams), and inaudibly transmits the recorded voice over a subsequent inaudible call, without any visual or audio indication given to the victim. We provide a detailed analysis of our attack, and we suggest possible counter measures to thwart similar attacks

    User-side wi-fi hotspot spoofing detection on android-based devices

    Get PDF
    A Dissertation Submitted in Partial Fulfilment of the Requirements for the Degree of Master’s in Wireless and Mobile Computing of the Nelson Mandela African Institution of Science and TechnologyNetwork spoofing is becoming a common attack in wireless networks. Similarly, there is a rapid growth of numbers in mobile devices in the working environments. The trends pose a huge threat to users since they become the prime target of attackers. More unfortunately, mobile devices have weak security measures due to their limited computational powers, making them an easy target for attackers. Current approaches to detect spoofing attacks focus on personal computers and rely on the network hosts’ capacity, leaving users with mobile devices at risk. Furthermore, some approaches on Android-based devices demand root privilege, which is highly discouraged. This research aims to study users' susceptibility to network spoofing attacks and propose a detection solution in Android-based devices. The presented approach considers the difference in security information and signal levels of an access point to determine its legitimacy. On the other hand, it tests the legitimacy of the captive portal with fake login credentials since, usually, fake captive portals do not authenticate users. The detection approaches are presented in three networks: (a) open networks, (b) closed networks and (c) networks with captive portals. As a departure from existing works, this solution does not require root access for detection, and it is developed for portability and better performance. Experimental results show that this approach can detect fake access points with an accuracy of 98% and 99% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively. On the other hand, it can detect the existence of a fake captive portal at an accuracy of 88%. Despite achieving this performance, the presented detection approach does not cover APs that do not mimic legitimate APs. As an improvement, future work may focus on pcap files which is rich of information to be used in detection

    pDroid

    Get PDF
    When an end user attempts to download an app on the Google Play Store they receive two related items that can be used to assess the potential threats of an application, the list of permissions used by the application and the textual description of the application. However, this raises several concerns. First, applications tend to use more permissions than they need and end users are not tech-savvy enough to fully understand the security risks. Therefore, it is challenging to assess the threats of an application fully by only seeing the permissions. On the other hand, most textual descriptions do not clearly define why they need a particular permission. These two issues conjoined make it difficult for end users to accurately assess the security threats of an application. This has lead to a demand for a framework that can accurately determine if a textual description adequately describes the actual behavior of an application. In this Master Thesis, we present pDroid (short for privateDroid), a market-independent framework that can compare an Android application’s textual description to its internal behavior. We evaluated pDroid using 1562 benign apps and 243 malware samples, and pDroid correctly classified 91.4% of malware with a false positive rate of 4.9%

    Tradução e acessibilidade : relatório de estágio curricular na electrosertec

    Get PDF
    O presente relatório de estágio foi elaborado após a conclusão do estágio na empresa Electrosertec e tem como objetivo a descrição e análise de questões de tradução que foram surgindo ao longo do trabalho realizado. Os dois manuais em análise são o manual de instruções do smartphone SmartVision2, intitulado SmartVision2 User Guide, e o guia de acessibilidade em videojogos intitulado Includification: A Practical Guide to Game Accessibility. O objetivo principal do presente relatório é não só a análise de algumas questões de tradução que foram surgindo ao longo do estágio, mas também trabalhar a importância de escolhas de tradução para a tradução de manuais especificamente relacionados com a acessibilidade na tecnologia. Acrescenta-se que a acessibilidade na área dos videojogos é, de momento, pouco explorada a nível académico, apesar da sua relevância prática e social. O presente relatório está dividido em três partes, para além da introdução e considerações finais. O Capítulo I consiste em noções de tradução, com maior foco na tradução técnica, e também se apresentam noções relacionadas com a problemática da tradução de videojogos. O Capítulo II contempla dois pontos introdutórios sobre tradução e acessibilidade, seguido da descrição geral de ambos os manuais traduzidos ao longo do estágio, incluindo uma secção relativa à presença de elementos gráficos, imagens e diagramas no guia Includification. O Capítulo III diz respeito às questões sintáticas, pragmáticas e terminológicas. Estas reflexões linguísticas são sempre acompanhadas por exemplos de ambos os manuais em análise e das respetivas traduções.The current report was written after the conclusion of my curricular internship at Electrosertec. Its main objective is to describe and analyse some translation issues encountered during the internship. The two manuals in question are the user manual for the smartphone SmartVision2, titled SmartVision2 User Guide, and the guide to game accessibility titled Includification: A Practical Guide to Game Accessibility, both of which are analysed in this report. The main objective of the current report is not only to analyse some of the translation issues encountered during my internship work, but also to underline the importance of translation choices in manuals specifically related to accessibility in technology. Furthermore, accessibility in videogames is, at the moment, not academically explored, despite its practical and social relevance. The current report is split into three parts, besides the introduction and final remarks. Chapter I consists of translation notions, with particular focus on technical translation. Some notions related to issues of videogame translation are also presented. Chapter II consists of two introductory points about translation and accessibility, followed by a general description of both manuals translated during the internship, including a section related to the presence of graphical elements, images and graphs in the Includification guide. Finally, Chapter III focuses on syntax, pragmatics and terminological issues. These linguistic reflections will be accompanied by examples from both manuals and their respective translations

    STATIC AND DYNAMIC ANALYSES FOR PROTECTING THE JAVA SOFTWARE EXECUTION ENVIRONMENT

    Get PDF
    In my thesis, I present three projects on which I have worked during my Ph.D. studies. All of them focus on software protection in the Java environment with static and dynamic techniques for control-flow and data-dependency analysis. More specifically, the first two works are dedicated to the problem of deserialization of untrusted data in Java. In the first, I present a defense system that was designed for protecting the Java Virtual Machine, along with the results that were obtained. In the second, I present a recent research project that aims at automatic generation of deserialization attacks, to help identifying them and increasing protection. The last discussed work concerns another branch of software protection: the authentication on short-distance channels (or the lack thereof) in Android APKs. In said work, I present a tool that was built for automatically identifying the presence of high-level authentication in Android apps. I thoroughly discuss experiments, limitations and future work for all three projects, concluding with general principles that bring these works together, and can be applied when facing related security issues in high-level software protection

    Designing digital and physical interactions for the Digital Public Space

    Get PDF
    Over the course of the last decade there has been a perceivable shift in the way interactions occur with digital systems with a clear preference towards touchscreen based interactions. This move can be attributed in part to the Apple’s iPhone, first introduced in 2007, and whilst not the first touchscreen product, it was the first to lead to widespread adoption and use. This thesis seeks to develop new design interaction methods that recognise that we are moving away from a dominance of digital interactions with screens to one where interactions are supported by everyday things. These devices allow greater perspectives to be gained than when purely interacting by touchscreen. This is presented as an exploration of interaction methods surrounding intermediary objects that are both physical and digital in nature - phygital. Affordances are an important part of how people interact with devices in their everyday life; it is these affordances that let us understand how to use things around us. Affordances are also present in the digital world and are an important part of how the work presented in this thesis analysed the design of the phygital objects and interactions they enabled. This thesis draws on six case studies from a diverse range of projects undertaken as part of The Creative Exchange research project. Beginning with an exploration of current touchscreen interaction methods then moving towards identifying and suggesting new interaction models. Throughout this research, key ideas will be extracted, rationalised and presented individually for each Creative Exchange project, in such a way that allows conclusions to be drawn about physical and digital interactions in the Digital Public Space. Finally, this body of work concludes with a design manifesto which, provides a route away from strict screen interactions to one where more physical Natural User Interfaces that interact with the world. The manifesto will also serve prospective phygital interaction designers in the production of new interactions by identifying key findings such as matching affordances to the phygital objects

    Demystifying Internet of Things Security

    Get PDF
    Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms

    Selected tales from decentralized finance

    Get PDF
    Doutoramento em Sociologia EconĂłmicainfo:eu-repo/semantics/publishedVersio

    Optimized Monitoring and Detection of Internet of Things resources-constraints Cyber Attacks

    Get PDF
    This research takes place in the context of the optimized monitoring and detec- tion of Internet of Things (IoT) resource-constraints attacks. Meanwhile, the In- ternet of Everything (IoE) concept is presented as a wider extension of IoT. How- ever, the IoE realization meets critical challenges, including the limited network coverage and the limited resources of existing network technologies and smart devices. The IoT represents a network of embedded devices that are uniquely identifiable and have embedded software required to communicate between the transient states. The IoT enables a connection between billions of sensors, actu- ators, and even human beings to the Internet, creating a wide range of services, some of which are mission-critical. However, IoT networks are faulty; things are resource-constrained in terms of energy and computational capabilities. For IoT systems performing a critical mission, it is crucial to ensure connectivity, availability, and device reliability, which requires proactive device state moni- toring. This dissertation presents an approach to optimize the monitoring and detection of resource-constraints attacks in IoT and IoE smart devices. First, it has been shown that smart devices suffer from resource-constraints problems; therefore, using lightweight algorithms to detect and mitigate the resource-constraints at- tack is essential. Practical analysis and monitoring of smart device resources’ are included and discussed to understand the behaviour of the devices before and after attacking real smart devices. These analyses are straightforwardly extended for building lightweight detection and mitigation techniques against energy and memory attacks. Detection of energy consumption attacks based on monitoring the package reception rate of smart devices is proposed to de- tect energy attacks in smart devices effectively. The proposed lightweight algo- rithm efficiently detects energy attacks for different protocols, e.g., TCP, UDP, and MQTT. Moreover, analyzing memory usage attacks is also considered in this thesis. Therefore, another lightweight algorithm is also built to detect the memory-usage attack once it appears and stops. This algorithm considers mon- itoring the memory usage of the smart devices when the smart devices are Idle, Active, and Under attack. Based on the presented methods and monitoring analysis, the problem of resource-constraint attacks in IoT systems is systemat- ically eliminated by parameterizing the lightweight algorithms to adapt to the resource-constraint problems of the smart devices
    corecore