Loading Seminars

« All Seminars

  • This seminar has passed.

Information-Flow Analysis for Mobile and Wearable Device Security and Privacy

June 30 (2021) @ 3:00 pm - 4:00 pm

Abstract: Information flow analysis techniques have been widely applied to the analysis of mobile applications. In this talk we will explore how they can be used to study the security and privacy properties in mobile-to-IoT and wearable device interactions. For this, we separate the interaction methods in two main categories: those enabled by the operating system in the form of proprietary APIs (Android Wear) and those that are done directly at a lower level using wireless protocols such as Bluetooth Low Energy. We show how we can instrument Google Play APIs to perform information flow analysis over Android Wear API calls. With this, we can identify what information is being exchanged between the mobile application and its wearable counterpart, being able to reason about possible privacy leakages. When looking at lower level interactions, we analyse how Android implements its Bluetooth Low Energy stack and identify an issue that would allow any application with Bluetooth permissions to access any BLE connected device without the users’ consent. We measure how many BLE-enabled apps are affected by this and provide mitigation recommendations to stakeholders in the BLE ecosystem.

Relevant Publications: RAID 2020 and USENIX Security 2019

Zoom link: https://york-ac-uk.zoom.us/j/94491221399?pwd=dW1lbmxUanhUdCtGOWg2ZjFpOXpMQT09

  • Meeting ID: 944 9122 1399
  • Passcode: 071545

YouTube live stream: https://youtu.be/oU5R7qu-M3w

Details

Date:
June 30 (2021)
Time:
3:00 pm - 4:00 pm
Seminar Tags:
,

Presenter

Jorge Blasco Alis (Royal Holloway University of London)

Dr Jorge Blasco obtained his PhD from Universidad Carlos III de Madrid in 2012. He moved to the UK in 2014 (City, University of London) and joined Royal Holloway, University of London, in 2016. In 2018 he was named the MSc in Information Security Programme director. He is currently the head of the Systems and Software Security Lab (S3Lab). His research focuses on security and privacy issues of app-enabled ecosystems. This research program is underpinned by the development of new methods to identify and track sensitive information-flows on various platforms (Android, IoT, Extension-enabled apps, etc.).

View Presenter Website

Leave a Reply

Your email address will not be published. Required fields are marked *