InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform. InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware

R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections

The influence of Deep Learning on image identification and natural language processing has attracted enormous attention globally. The convolution neural network that can learn without prior extraction of features fits well in response to the rapid iteration of Android malware. The traditional solution for detecting Android malware requires continuous learning through pre-extracted features to maintain high performance of identifying the malware. In order to reduce the manpower of feature engineering prior to the condition of not to extract pre-selected features, we have developed a coloR-inspired convolutional neuRal networks (CNN)-based AndroiD malware Detection (R2-D2) system. The system can convert the bytecode of classes.dex from Android archive file to rgb color code and store it as a color image with fixed size. The color image is input to the convolutional neural network for automatic feature extraction and training. The data was collected from Jan. 2017 to Aug 2017. During the period of time, we have collected approximately 2 million of benign and malicious Android apps for our experiments with the help from our research partner Leopard Mobile Inc. Our experiment results demonstrate that the proposed system has accurate security analysis on contracts. Furthermore, we keep our research results and experiment materials on http://R2D2.TWMAN.ORG.Comment: Verison 2018/11/15, IEEE BigData 2018, Seattle, WA, USA, Dec 10-13, 2018. (Accepted

Third Party Tracking in the Mobile Ecosystem

Third party tracking allows companies to identify users and track their behaviour across multiple digital services. This paper presents an empirical study of the prevalence of third-party trackers on 959,000 apps from the US and UK Google Play stores. We find that most apps contain third party tracking, and the distribution of trackers is long-tailed with several highly dominant trackers accounting for a large portion of the coverage. The extent of tracking also differs between categories of apps; in particular, news apps and apps targeted at children appear to be amongst the worst in terms of the number of third party trackers associated with them. Third party tracking is also revealed to be a highly trans-national phenomenon, with many trackers operating in jurisdictions outside the EU. Based on these findings, we draw out some significant legal compliance challenges facing the tracking industry.Comment: Corrected missing company info (Linkedin owned by Microsoft). Figures for Microsoft and Linkedin re-calculated and added to Table

Classification of sporting activities using smartphone accelerometers

In this paper we present a framework that allows for the automatic identification of sporting activities using commonly available smartphones. We extract discriminative informational features from smartphone accelerometers using the Discrete Wavelet Transform (DWT). Despite the poor quality of their accelerometers, smartphones were used as capture devices due to their prevalence in today’s society. Successful classification on this basis potentially makes the technology accessible to both elite and non-elite athletes. Extracted features are used to train different categories of classifiers. No one classifier family has a reportable direct advantage in activity classification problems to date; thus we examine classifiers from each of the most widely used classifier families. We investigate three classification approaches; a commonly used SVM-based approach, an optimized classification model and a fusion of classifiers. We also investigate the effect of changing several of the DWT input parameters, including mother wavelets, window lengths and DWT decomposition levels. During the course of this work we created a challenging sports activity analysis dataset, comprised of soccer and field-hockey activities. The average maximum F-measure accuracy of 87% was achieved using a fusion of classifiers, which was 6% better than a single classifier model and 23% better than a standard SVM approach

Implementation and Evaluation of a Cooperative Vehicle-to-Pedestrian Safety Application

While the development of Vehicle-to-Vehicle (V2V) safety applications based on Dedicated Short-Range Communications (DSRC) has been extensively undergoing standardization for more than a decade, such applications are extremely missing for Vulnerable Road Users (VRUs). Nonexistence of collaborative systems between VRUs and vehicles was the main reason for this lack of attention. Recent developments in Wi-Fi Direct and DSRC-enabled smartphones are changing this perspective. Leveraging the existing V2V platforms, we propose a new framework using a DSRC-enabled smartphone to extend safety benefits to VRUs. The interoperability of applications between vehicles and portable DSRC enabled devices is achieved through the SAE J2735 Personal Safety Message (PSM). However, considering the fact that VRU movement dynamics, response times, and crash scenarios are fundamentally different from vehicles, a specific framework should be designed for VRU safety applications to study their performance. In this article, we first propose an end-to-end Vehicle-to-Pedestrian (V2P) framework to provide situational awareness and hazard detection based on the most common and injury-prone crash scenarios. The details of our VRU safety module, including target classification and collision detection algorithms, are explained next. Furthermore, we propose and evaluate a mitigating solution for congestion and power consumption issues in such systems. Finally, the whole system is implemented and analyzed for realistic crash scenarios

A look into the information your smartphone leaks

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Some smartphone applications (apps) pose a risk to users’ personal information. Events of apps leaking information stored in smartphones illustrate the danger that they present. In this paper, we investigate the amount of personal information leaked during the installation and use of apps when accessing the Internet. We have opted for the implementation of a Man-in-the-Middle proxy to intercept the network traffic generated by 20 popular free apps installed on different smartphones of distinctive vendors. This work describes the technical considerations and requirements for the deployment of the monitoring WiFi network employed during the conducted experiments. The presented results show that numerous mobile and personal unique identifiers, along with personal information are leaked by several of the evaluated apps, commonly during the installation process