Keep your memory dump shut: Unveiling data leaks in password managers

Password management has long been a persistently challenging task. This led to the introduction of password management software, which has been around for at least 25 years in various forms, including desktop and browser-based applications. This work assesses the ability of two dozen password managers, 12 desktop applications, and 12 browser-plugins, to effectively protect the confidentiality of secret credentials in six representative scenarios. Our analysis focuses on the period during which a Password Manager (PM) resides in the RAM. Despite the sensitive nature of these applications, our results show that across all scenarios, only three desktop PM applications and two browser plugins do not store plaintext passwords in the system memory. Oddly enough, at the time of writing, only two vendors recognized the exploit as a vulnerability, reserving CVE-2023-23349, while the rest chose to disregard or underrate the issue

Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features

Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly magnify the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyse each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem

WPAxFuzz: Sniffing Out Vulnerabilities in Wi-Fi Implementations

This work attempts to provide a way of scrutinizing the security robustness of Wi-Fi implementations in an automated fashion. To this end, to our knowledge, we contribute the first full-featured and extensible Wi-Fi fuzzer. At the time of writing, the tool, made publicly available as open source, covers the IEEE 802.11 management and control frame types and provides a separate module for the pair of messages of the Simultaneous Authentication of Equals (SAE) authentication and key exchange method. It can be primarily used to detect vulnerabilities potentially existing in wireless Access Points (AP) under the newest Wi-Fi Protected Access 3 (WPA3) certification, but its functionalities can also be exploited against WPA2-compatible APs. Moreover, the fuzzer incorporates: (a) a dual-mode network monitoring module that monitors, in real time, the behavior of the connected AP stations and logs possible service or connection disruptions and (b) an attack tool used to verify any glitches found and automatically craft the corresponding exploit. We present results after testing the fuzzer against an assortment of off-the-shelf APs by different renowned vendors. Adhering to a coordinated disclosure process, we have reported the discovered issues to the affected vendors, already receiving positive feedback from some of them

Dissecting contact tracing apps in the Android platform.

Contact tracing has historically been used to retard the spread of infectious diseases, but if it is exercised by hand in large-scale, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has promptly emerged as an indispensable asset in the global fight against the coronavirus pandemic. The work at hand offers a meticulous study of all the official Android contact tracing apps deployed hitherto by European countries. Each app is closely scrutinized both statically and dynamically by means of dynamic instrumentation. Depending on the level of examination, static analysis results are grouped in two axes. The first encompasses permissions, API calls, and possible connections to external URLs, while the second concentrates on potential security weaknesses and vulnerabilities, including the use of trackers, in-depth manifest analysis, shared software analysis, and taint analysis. Dynamic analysis on the other hand collects data pertaining to Java classes and network traffic. The results demonstrate that while overall these apps are well-engineered, they are not free of weaknesses, vulnerabilities, and misconfigurations that may ultimately put the user security and privacy at risk

Demystifying In-Vehicle Intrusion Detection Systems: A Survey of Surveys and a Meta-Taxonomy

Breaches in the cyberspace due to cyber-physical attacks can harm the physical space, and any type of vehicle is an alluring target for wrongdoers for an assortment of reasons. Especially, as the automobiles are becoming increasingly interconnected within the Cooperative Intelligent Transport System (C-ITS) realm and their level of automation elevates, the risk for cyberattacks augments along with the attack surface, thus inexorably rendering the risk of complacency and inaction sizable. Next to other defensive measures, intrusion detection systems (IDS) already comprise an inextricable component of modern automobiles in charge of detecting intrusions in the system while in operation. This work concentrates on in-vehicle IDS with the goal to deliver a fourfold comprehensive survey of surveys on this topic. First, we collect and analyze all existing in-vehicle IDS classifications and fuse them into a simpler, overarching one that can be used as a base for classifying any work in this area. Second, we gather and elaborate on the so-far available datasets which can be possibly used to train and evaluate an in-vehicle IDS. Third, we survey non-commercial simulators which may be utilized for creating a dataset or evaluating an IDS. The last contribution pertains to a thorough exposition of the future trends and challenges in this area. To our knowledge, this work provides the first wholemeal survey on in-vehicle IDS, and it is therefore anticipated to serve as a groundwork and point of reference for multiple stakeholders at varying levels