2,983 research outputs found
Using Hover to Compromise the Confidentiality of User Input on Android
We show that the new hover (floating touch) technology, available in a number
of today's smartphone models, can be abused by any Android application running
with a common SYSTEM_ALERT_WINDOW permission to record all touchscreen input
into other applications. Leveraging this attack, a malicious application
running on the system is therefore able to profile user's behavior, capture
sensitive input such as passwords and PINs as well as record all user's social
interactions. To evaluate our attack we implemented Hoover, a proof-of-concept
malicious application that runs in the system background and records all input
to foreground applications. We evaluated Hoover with 40 users, across two
different Android devices and two input methods, stylus and finger. In the case
of touchscreen input by finger, Hoover estimated the positions of users' clicks
within an error of 100 pixels and keyboard input with an accuracy of 79%.
Hoover captured users' input by stylus even more accurately, estimating users'
clicks within 2 pixels and keyboard input with an accuracy of 98%. We discuss
ways of mitigating this attack and show that this cannot be done by simply
restricting access to permissions or imposing additional cognitive load on the
users since this would significantly constrain the intended use of the hover
technology.Comment: 11 page
COPS: A Compact On-device Pipeline for real-time Smishing detection
Smartphones have become indispensable in our daily lives and can do almost
everything, from communication to online shopping. However, with the increased
usage, cybercrime aimed at mobile devices is rocketing. Smishing attacks, in
particular, have observed a significant upsurge in recent years. This problem
is further exacerbated by the perpetrator creating new deceptive websites
daily, with an average life cycle of under 15 hours. This renders the standard
practice of keeping a database of malicious URLs ineffective. To this end, we
propose a novel on-device pipeline: COPS that intelligently identifies features
of fraudulent messages and URLs to alert the user in real-time. COPS is a
lightweight pipeline with a detection module based on the Disentangled
Variational Autoencoder of size 3.46MB for smishing and URL phishing detection,
and we benchmark it on open datasets. We achieve an accuracy of 98.15% and
99.5%, respectively, for both tasks, with a false negative and false positive
rate of a mere 0.037 and 0.015, outperforming previous works with the added
advantage of ensuring real-time alerts on resource-constrained devices.Comment: Published at IEEE Consumer Communications & Networking Conference
(CCNC) 202
Kemahiran pemikiran komputasional pelajar melalui modul pembelajaran berasaskan teknologi internet pelbagai benda
kemahiran pemikiran komputasional pelajar, ke arah lebih kreatif dan kritis
melalui penggunaan Modul Pembelajaran Berasaskan Teknologi Internet
Pelbagai Benda (MP-IoT) yang telah dibangunkan oleh penyelidik.
Pembangunan MP-IoT mengikut Model ADDIE dan melibatkan Teknologi
Arduino yang diterapkan dalam 5 aktiviti pembelajaran secara amali. Kajian
berbentuk kuantitatif jenis kuasi-eksperimental ini telah dijalankan ke atas 52
orang pelajar Tingkatan 4 dari 2 buah sekolah di daerah Batu Pahat, Johor dan
Kuala Kangsar, Perak. Data pula telah dianalisis secara deskriptif dan inferensi.
Satu set ujian pencapaian pra dan pasca sebagai instrument telah dibangunkan.
Analisis Item Indeks Kesukaran (IK), Indeks Diskriminasi, serta Interprestasi
skor bagi nilai Alpha Cronbach telah digunakan bagi memastikan soalan ujian
pencapaian sesuai digunakan. Manakala dalam proses pembangunan modul
MP-IoT, seramai 6 orang guru dari mata pelajaran Sains Komputer dipilih
sebagai pakar untuk mengenal pasti kesesuaian dari segi format, kandungan dan
kebolehgunaan modul yang dibangunkan Skala Likert lima mata digunakan
dalam kajian ini. Secara keseluruhannya, dapatan kajian menggunakan ujian-T
sampel berpasangan, menunjukkan terdapat perbezaan yang signifikan terhadap
tahap pencapaian pelajar kumpulan kawalan yang didedahkan dengan kaedah
konvensional dengan kumpulan rawatan yang didedahkan dengan modul MPIoT,
dengan
nilai
p-value
adalah
.000 iaitu
kurang
dari
.05 (p<0.05).
Selain
itu,
tahap
kemahiran pemikiran komputasional pelajar juga meningkat setelah
didedahkan dengan modul MP-IoT
- …