13 research outputs found
Using Hover to Compromise the Confidentiality of User Input on Android
We show that the new hover (floating touch) technology, available in a number
of today's smartphone models, can be abused by any Android application running
with a common SYSTEM_ALERT_WINDOW permission to record all touchscreen input
into other applications. Leveraging this attack, a malicious application
running on the system is therefore able to profile user's behavior, capture
sensitive input such as passwords and PINs as well as record all user's social
interactions. To evaluate our attack we implemented Hoover, a proof-of-concept
malicious application that runs in the system background and records all input
to foreground applications. We evaluated Hoover with 40 users, across two
different Android devices and two input methods, stylus and finger. In the case
of touchscreen input by finger, Hoover estimated the positions of users' clicks
within an error of 100 pixels and keyboard input with an accuracy of 79%.
Hoover captured users' input by stylus even more accurately, estimating users'
clicks within 2 pixels and keyboard input with an accuracy of 98%. We discuss
ways of mitigating this attack and show that this cannot be done by simply
restricting access to permissions or imposing additional cognitive load on the
users since this would significantly constrain the intended use of the hover
technology.Comment: 11 page
Security Code Smells in Android ICC
Android Inter-Component Communication (ICC) is complex, largely
unconstrained, and hard for developers to understand. As a consequence, ICC is
a common source of security vulnerability in Android apps. To promote secure
programming practices, we have reviewed related research, and identified
avoidable ICC vulnerabilities in Android-run devices and the security code
smells that indicate their presence. We explain the vulnerabilities and their
corresponding smells, and we discuss how they can be eliminated or mitigated
during development. We present a lightweight static analysis tool on top of
Android Lint that analyzes the code under development and provides just-in-time
feedback within the IDE about the presence of such smells in the code.
Moreover, with the help of this tool we study the prevalence of security code
smells in more than 700 open-source apps, and manually inspect around 15% of
the apps to assess the extent to which identifying such smells uncovers ICC
security vulnerabilities.Comment: Accepted on 28 Nov 2018, Empirical Software Engineering Journal
(EMSE), 201
Defending Substitution-Based Profile Pollution Attacks on Sequential Recommenders
While sequential recommender systems achieve significant improvements on
capturing user dynamics, we argue that sequential recommenders are vulnerable
against substitution-based profile pollution attacks. To demonstrate our
hypothesis, we propose a substitution-based adversarial attack algorithm, which
modifies the input sequence by selecting certain vulnerable elements and
substituting them with adversarial items. In both untargeted and targeted
attack scenarios, we observe significant performance deterioration using the
proposed profile pollution algorithm. Motivated by such observations, we design
an efficient adversarial defense method called Dirichlet neighborhood sampling.
Specifically, we sample item embeddings from a convex hull constructed by
multi-hop neighbors to replace the original items in input sequences. During
sampling, a Dirichlet distribution is used to approximate the probability
distribution in the neighborhood such that the recommender learns to combat
local perturbations. Additionally, we design an adversarial training method
tailored for sequential recommender systems. In particular, we represent
selected items with one-hot encodings and perform gradient ascent on the
encodings to search for the worst case linear combination of item embeddings in
training. As such, the embedding function learns robust item representations
and the trained recommender is resistant to test-time adversarial examples.
Extensive experiments show the effectiveness of both our attack and defense
methods, which consistently outperform baselines by a significant margin across
model architectures and datasets.Comment: Accepted to RecSys 202
Security Analysis and Evaluation of Smart Toys
During the last years, interconnectivity and merging the physical and digital technological dimensions have become a topic attracting the interest of the modern world. Internet of Things (IoT) is rapidly evolving as it manages to transform physical devices into communicating agents which can consecutively create complete interconnected systems. A sub-category of the IoT technology is smart toys, which are devices with networking capabilities, created for and used in play. Smart toys’ targeting group is usually children and they attempt to provide a higher level of entertainment and education by offering an enhanced and more interactive experience.
Due to the nature and technical limitations of IoT devices, security experts have expressed concerns over the effectiveness and security level of smart devices. The importance of securing IoT devices has an increased weight when it pertains to smart toys, since sensitive information of children and teenagers can potentially be compromised. Furthermore, various security analyses on smart toys have discovered a worryingly high number of important security flaws.
The master thesis focuses on the topic of smart toys’ security by first presenting and analyzing the necessary literature background. Furthermore, it presents a case study where a smart toy is selected and analyzed statically and dynamically utilizing a Raspberry Pi. The aim of this thesis is to examine and apply methods of analysis used in the relevant literature, in order to identify security flaws in the examined smart toy. The smart toy is a fitness band whose target consumers involve children and teenagers. The fitness band is communicating through Bluetooth with a mobile device and is accompanied by a mobile application. The mobile application has been installed and tested on an Android device.
Finally, the analyses as well as their emerged results are presented and described in detail. Several security risks have been identified indicating that developers must increase their efforts in ensuring the optimal level of security in smart toys. Furthermore, several solutions that could minimize security risks and are related to our findings are suggested, along with potentially interesting topics for future work and further research
Integrating TrustZone Protection with Communication Paths for Mobile Operating System
Nowadays, users perform various essential activities through their smartphones, including mobile payment and financial transaction. Therefore, users’ sensitive data processed by smartphones will be at risk if underlying mobile OSes are compromised. A technology called Trusted Execution Environment (TEE) has been introduced to protect sensitive data in the event of compromised OS and hypervisor.
This dissertation points out the limitations of the current design model of mobile TEE, which has a low adoption rate among application developers and has a large size of Trusted Computing Base (TCB). It proposes a new design model for mobile TEE to increase the TEE adoption rate and to decrease the size of TCB. This dissertation applies a new model to protect mobile communication paths in the Android platform. Evaluations are performed to demonstrate the effectiveness of the proposed design model