1,134 research outputs found

    Detecting smartphone state changes through a Bluetooth based timing attack

    Get PDF
    International audienceBluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Blue-tooth harmless inherent request-response mechanism can taint users privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures

    Telesonar: Robocall Alarm System by Detecting Echo Channel and Breath Timing

    Get PDF

    Detection of Advanced Bots in Smartphones through User Profiling

    Get PDF
    abstract: This thesis addresses the ever increasing threat of botnets in the smartphone domain and focuses on the Android platform and the botnets using Online Social Networks (OSNs) as Command and Control (C&C;) medium. With any botnet, C&C; is one of the components on which the survival of botnet depends. Individual bots use the C&C; channel to receive commands and send the data. This thesis develops active host based approach for identifying the presence of bot based on the anomalies in the usage patterns of the user before and after the bot is installed on the user smartphone and alerting the user to the presence of the bot. A profile is constructed for each user based on the regular web usage patterns (achieved by intercepting the http(s) traffic) and implementing machine learning techniques to continuously learn the user's behavior and changes in the behavior and all the while looking for any anomalies in the user behavior above a threshold which will cause the user to be notified of the anomalous traffic. A prototype bot which uses OSN s as C&C; channel is constructed and used for testing. Users are given smartphones(Nexus 4 and Galaxy Nexus) running Application proxy which intercepts http(s) traffic and relay it to a server which uses the traffic and constructs the model for a particular user and look for any signs of anomalies. This approach lays the groundwork for the future host-based counter measures for smartphone botnets using OSN s as C&C; channel.Dissertation/ThesisM.S. Computer Science 201

    A tourism overcrowding sensor using multiple radio techniques detection

    Get PDF
    The motivation for this dissertation came from the touristic pressure felt in the historic neighborhoods of Lisbon. This pressure is the result of the rise in the number of touristic arrivals and the proliferation of local accommodation. To mitigate this problem the research project in which this dissertation is inserted aims to disperse the pressure felt by routing the tourists to more sustainable locations and locations that are not crowded. The goal of this dissertation is then to develop a crowding sensor to detect, in real-time, the number of persons in its vicinity by detecting how many smartphones it observes in its readings. The proposed solution aims to detect the wireless trace elements generated by the normal usage of smartphones. The technologies in which the sensor will detect devices are Wi-Fi, Bluetooth and the mobile network. For testing the results gathered by the sensor we developed a prototype that was deployed on our campus and in a museum, during an event with strong attendance. The data gathered was stored in a time-series database and a data visualization tool was used to interpret the results. The overall conclusions of this dissertation are that it is possible to build a sensor that detects nearby devices thereby allowing to detect overcrowding situations. The prototype built allows to detect crowd mobility patterns. The composition of technologies and identity unification are topics deserving future research.A motivação para a presente dissertação surgiu da pressão turística sentida nos bairros históricos de Lisboa. Esta pressão é a consequência de um crescimento do número de turistas e de uma cada vez maior utilização e proliferação do alojamento local. Para mitigar este problema o projeto de investigação em que esta dissertação está inserida pretende dispersar os turistas por locais sustentáveis e que não estejam sobrelotados. O objetivo desta dissertação é o de desenvolver um sensor que consiga detetar, em tempo real, detetar quantas pessoas estão na sua proximidade com base nos smartphones que consegue detetar. A solução proposta tem como objetivo detetar os traços gerados pela normal utilização de um smartphone. As tecnologias nas quais o sensor deteta traços de utilização são Wi-Fi, Bluetooth e a rede móvel. Para realizar os testes ao sensor, foi desenvolvido um protótipo que foi instalado no campus e num museu durante um evento de grande afluência. Os dados provenientes destes testes foram guardados numa base de dados de séries temporais e analisados usando uma ferramenta de visualização de dados. As conclusões obtidas nesta dissertação são que é possível criar um sensor capaz de detetar dispositivos na sua proximidade e detetar situações de sobrelotação/apinhamento. O protótipo contruído permite detectar padrões de mobilidade de multidões. A composição de tecnologias e a unificação de identidade são problemas que requerem investigação futura

    Continuous Authentication for Voice Assistants

    Full text link
    Voice has become an increasingly popular User Interaction (UI) channel, mainly contributing to the ongoing trend of wearables, smart vehicles, and home automation systems. Voice assistants such as Siri, Google Now and Cortana, have become our everyday fixtures, especially in scenarios where touch interfaces are inconvenient or even dangerous to use, such as driving or exercising. Nevertheless, the open nature of the voice channel makes voice assistants difficult to secure and exposed to various attacks as demonstrated by security researchers. In this paper, we present VAuth, the first system that provides continuous and usable authentication for voice assistants. We design VAuth to fit in various widely-adopted wearable devices, such as eyeglasses, earphones/buds and necklaces, where it collects the body-surface vibrations of the user and matches it with the speech signal received by the voice assistant's microphone. VAuth guarantees that the voice assistant executes only the commands that originate from the voice of the owner. We have evaluated VAuth with 18 users and 30 voice commands and find it to achieve an almost perfect matching accuracy with less than 0.1% false positive rate, regardless of VAuth's position on the body and the user's language, accent or mobility. VAuth successfully thwarts different practical attacks, such as replayed attacks, mangled voice attacks, or impersonation attacks. It also has low energy and latency overheads and is compatible with most existing voice assistants
    • …
    corecore