- This seminar has passed.
Information-Flow Analysis for Mobile and Wearable Device Security and Privacy
June 30 (2021) @ 3:00 pm - 4:00 pm
Abstract: Information flow analysis techniques have been widely applied to the analysis of mobile applications. In this talk we will explore how they can be used to study the security and privacy properties in mobile-to-IoT and wearable device interactions. For this, we separate the interaction methods in two main categories: those enabled by the operating system in the form of proprietary APIs (Android Wear) and those that are done directly at a lower level using wireless protocols such as Bluetooth Low Energy. We show how we can instrument Google Play APIs to perform information flow analysis over Android Wear API calls. With this, we can identify what information is being exchanged between the mobile application and its wearable counterpart, being able to reason about possible privacy leakages. When looking at lower level interactions, we analyse how Android implements its Bluetooth Low Energy stack and identify an issue that would allow any application with Bluetooth permissions to access any BLE connected device without the users’ consent. We measure how many BLE-enabled apps are affected by this and provide mitigation recommendations to stakeholders in the BLE ecosystem.
- Meeting ID: 944 9122 1399
- Passcode: 071545
YouTube live stream: https://youtu.be/oU5R7qu-M3w