19,247 research outputs found
InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Bluetooth is one of the most established technologies for short range digital
wireless data transmission. With the advent of wearables and the Internet of
Things (IoT), Bluetooth has again gained importance, which makes security
research and protocol optimizations imperative. Surprisingly, there is a lack
of openly available tools and experimental platforms to scrutinize Bluetooth.
In particular, system aspects and close to hardware protocol layers are mostly
uncovered.
We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread
in off-the-shelf devices. Thus, we offer deep insights into the internal
architecture of a popular commercial family of Bluetooth controllers used in
smartphones, wearables, and IoT platforms. Reverse engineered functions can
then be altered with our InternalBlue Python framework---outperforming
evaluation kits, which are limited to documented and vendor-defined functions.
The modified Bluetooth stack remains fully functional and high-performance.
Hence, it provides a portable low-cost research platform.
InternalBlue is a versatile framework and we demonstrate its abilities by
implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we
discover a novel critical security issue affecting a large selection of
Broadcom chipsets that allows executing code within the attacked Bluetooth
firmware. We further show how to use our framework to fix bugs in chipsets out
of vendor support and how to add new security features to Bluetooth firmware
R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections
The influence of Deep Learning on image identification and natural language
processing has attracted enormous attention globally. The convolution neural
network that can learn without prior extraction of features fits well in
response to the rapid iteration of Android malware. The traditional solution
for detecting Android malware requires continuous learning through
pre-extracted features to maintain high performance of identifying the malware.
In order to reduce the manpower of feature engineering prior to the condition
of not to extract pre-selected features, we have developed a coloR-inspired
convolutional neuRal networks (CNN)-based AndroiD malware Detection (R2-D2)
system. The system can convert the bytecode of classes.dex from Android archive
file to rgb color code and store it as a color image with fixed size. The color
image is input to the convolutional neural network for automatic feature
extraction and training. The data was collected from Jan. 2017 to Aug 2017.
During the period of time, we have collected approximately 2 million of benign
and malicious Android apps for our experiments with the help from our research
partner Leopard Mobile Inc. Our experiment results demonstrate that the
proposed system has accurate security analysis on contracts. Furthermore, we
keep our research results and experiment materials on http://R2D2.TWMAN.ORG.Comment: Verison 2018/11/15, IEEE BigData 2018, Seattle, WA, USA, Dec 10-13,
2018. (Accepted
Third Party Tracking in the Mobile Ecosystem
Third party tracking allows companies to identify users and track their
behaviour across multiple digital services. This paper presents an empirical
study of the prevalence of third-party trackers on 959,000 apps from the US and
UK Google Play stores. We find that most apps contain third party tracking, and
the distribution of trackers is long-tailed with several highly dominant
trackers accounting for a large portion of the coverage. The extent of tracking
also differs between categories of apps; in particular, news apps and apps
targeted at children appear to be amongst the worst in terms of the number of
third party trackers associated with them. Third party tracking is also
revealed to be a highly trans-national phenomenon, with many trackers operating
in jurisdictions outside the EU. Based on these findings, we draw out some
significant legal compliance challenges facing the tracking industry.Comment: Corrected missing company info (Linkedin owned by Microsoft). Figures
for Microsoft and Linkedin re-calculated and added to Table
Classification of sporting activities using smartphone accelerometers
In this paper we present a framework that allows for the automatic identification of sporting activities using commonly available smartphones. We extract discriminative informational features from smartphone accelerometers using the Discrete Wavelet Transform (DWT). Despite the poor quality of their accelerometers, smartphones were used as capture devices due to their prevalence in todayās society. Successful classification on this basis potentially makes the technology accessible to both elite and non-elite athletes. Extracted features are used to train different categories of classifiers. No one classifier family has a reportable direct advantage in activity classification problems to date; thus we examine classifiers from each of the most widely used classifier families. We investigate three classification approaches; a commonly used SVM-based approach, an optimized classification model and a fusion of classifiers. We also investigate the effect of changing several of the DWT input parameters, including mother wavelets, window lengths and DWT decomposition levels. During the course of this work we created a challenging
sports activity analysis dataset, comprised of soccer and field-hockey activities. The average maximum F-measure accuracy of 87% was achieved using a fusion of classifiers, which was 6% better than a single classifier model and 23% better than a standard SVM approach
Implementation and Evaluation of a Cooperative Vehicle-to-Pedestrian Safety Application
While the development of Vehicle-to-Vehicle (V2V) safety applications based
on Dedicated Short-Range Communications (DSRC) has been extensively undergoing
standardization for more than a decade, such applications are extremely missing
for Vulnerable Road Users (VRUs). Nonexistence of collaborative systems between
VRUs and vehicles was the main reason for this lack of attention. Recent
developments in Wi-Fi Direct and DSRC-enabled smartphones are changing this
perspective. Leveraging the existing V2V platforms, we propose a new framework
using a DSRC-enabled smartphone to extend safety benefits to VRUs. The
interoperability of applications between vehicles and portable DSRC enabled
devices is achieved through the SAE J2735 Personal Safety Message (PSM).
However, considering the fact that VRU movement dynamics, response times, and
crash scenarios are fundamentally different from vehicles, a specific framework
should be designed for VRU safety applications to study their performance. In
this article, we first propose an end-to-end Vehicle-to-Pedestrian (V2P)
framework to provide situational awareness and hazard detection based on the
most common and injury-prone crash scenarios. The details of our VRU safety
module, including target classification and collision detection algorithms, are
explained next. Furthermore, we propose and evaluate a mitigating solution for
congestion and power consumption issues in such systems. Finally, the whole
system is implemented and analyzed for realistic crash scenarios
A look into the information your smartphone leaks
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Some smartphone applications (apps) pose a risk to usersā personal information. Events of apps leaking information stored in smartphones illustrate the danger that they present. In this paper, we investigate the amount of personal information leaked during the installation and use of apps when accessing the Internet. We have opted for the implementation of a Man-in-the-Middle proxy to intercept the network traffic generated by 20 popular free apps installed on different smartphones of distinctive vendors. This work describes the technical considerations and requirements for the deployment of the monitoring WiFi network employed during the conducted experiments. The presented results show that numerous mobile and personal unique identifiers, along with personal information are leaked by several of the evaluated apps, commonly during the installation process
- ā¦