Publications

Smart speakers, which wait for voice commands and complete tasks for users, are becoming part of common households. While voice commands came with basic functionalities in the earlier days, as the market grew, various commands with critical functionalities were developed; e.g., access banking services, send money, open front door. Such voice commands can cause serious consequences once smart speakers are attacked. Recent research shows that smart speakers are vulnerable to malicious voice commands sent from other speakers (e.g., TV, baby monitor, radio) in the same area. In this work, we propose the SPEAKER-SONAR, a sonar-based liveness detection system for smart speakers. Our approach aims to protect the smart speakers from remote attackers that leverage network-connected speakers to send malicious commands. The key idea of our approach is to make sure that the voice command is indeed coming from the user. For this purpose, the SPEAKER-SONAR emits an inaudible sound and tracks the user’s direction to compare it with the direction of the received voice command. The SPEAKER-SONAR does not require additional action from the user and works through an automatic consistency check. We built the SPEAKER-SONAR on a Raspberry Pi 3B, a circular microphone array, and a commodity speaker by imitating the Amazon Echo. Our evaluation shows that the SPEAKER-SONAR can reject remote voice attacks with an average accuracy of 95.5% in 2 meters, which significantly raises the bar for remote attackers. To the best of our knowledge, our defense is able to defend against known remote voice attack techniques.
Accepted in the UbiComp 2020 / ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), 2020.

In Chameleon apps, benign UIs are displayed during Apple App vetting while their hidden potentially-harmful illicit UIs (PHI-UI) are revealed once they reach the App Store. In this paper, we report the first systematic study on iOS Chameleon apps, which sheds light on a largely overlooked threat that the illicit activities are launched solely based on UI. Our research employed CHAMELEON-HUNTER, a new static analysis approach that determines the suspiciousness of a PHI-UI leveraging the semantic features generated from iOS app UI and metadata. The approach is based on the observation that PHI-UI not only is structurally hidden but also has notable semantic inconsistency with the benign UI. Our evaluation shows that CHAMELEON-HUNTER is highly effective, achieving 92.6% precision and 94.7% recall. From 28K Apple App Store apps, we found 142 new Chameleon apps, which were confirmed and promptly removed by Apple. Our work reveals that Chameleon apps can easily bypass the App Store vetting and conduct a set of suspicious activities including collecting users' private information, swindling money with fake monetary services, and leading the user to a pirated app store.
Accepted in the IEEE Transactions on Dependable and Secure Computing (TDSC), 2019.

A new type of malicious crowdsourcing (a.k.a., crowdturfing) clients, mobile apps with hidden crowdturfing user interface (UI), is increasingly being utilized by miscreants to coordinate crowdturfing workers and publish mobile based crowdturfing tasks (e.g., app ranking manipulation) even on the strictly controlled Apple App Store. These apps hide their crowdturfing content behind innocent-looking UIs to bypass app vetting and infiltrate the app store. To the best of our knowledge, little has been done so far to understand this new abusive service, in terms of its scope, impact and techniques, not to mention any effort to identify such stealthy crowdturfing apps on a large scale, particularly on the Apple platform. In this paper, we report the first measurement study on iOS apps with hidden crowdturfing UIs. Our findings bring to light the mobile-based crowdturfing ecosystem (e.g., app promotion for worker recruitment, campaign identification) and the underground developers' tricks (e.g., scheme, logic bomb) for evading app vetting.
In USENIX Security, 2019.

Monitoring network behaviors of mobile applications, controlling their resource access and detecting potentially harmful apps are becoming increasingly important for the security protection within today’s organizational, ISP and carriers. For this purpose, apps need to be identified from their communication, based upon their individual traffic signatures (called imprints in our research). Creating imprints for a large number of apps is nontrivial, due to the challenges in comprehensively analyzing their network activities at a large …
In CCS, 2017.

A new development of smart-home systems is to use mobile apps to control IoT devices across a Home Area Network (HAN). As verified in our study, those systems tend to rely on the Wi-Fi router to authenticate other devices. This treatment exposes them to the attack from malicious apps, particularly those running on authorized phones, which the router does not have information to control. Mitigating this threat cannot solely rely on IoT manufacturers, which may need to change the hardware on the devices to support encryption, increasing …
In WISEC, 2017.

Android allows developers to build apps with app installation functionality themselves with minimal restriction and support like any other functionalities. Given the critical importance of app installation, the security implications of the approach can be significant. This paper reports the first systematic study on this issue, focusing on the security guarantees of different steps of the App Installation Transaction (AIT). We demonstrate the serious consequences of leaving AIT development to individual developers: most installers (e.g., …
In DSN, 2017.

It is reported recently that legitimate libraries are repackaged for propagating malware. An in-depth analysis of such potentially-harmful libraries (PhaLibs), however, has never been done before, due to the challenges in identifying those libraries whose code can be unavailable online (e.g., removed from the public repositories, spreading underground, etc.). Particularly, for an iOS app, the library it integrates cannot be trivially recovered from its binary code and cannot be analyzed by any publicly available anti-virus (AV) systems. In …
In S&P, 2016.

An app market’s vetting process is expected to be scalable and effective. However, today’s vetting mechanisms are slow and less capable of catching new threats. In our research, we found that a more powerful solution can be found by exploiting the way Android malware is constructed and disseminated, which is typically through repackaging legitimate apps with similar malicious components. As a result, such attack payloads often stand out from those of the same repackaging origin and also show up in the apps not …
In USENIX Security, 2015.

The pervasiveness of security-critical external resources (e.g., accessories, online services) poses new challenges to Android security. In prior research we revealed that given the BLUETOOTH and BLUETOOTH_ADMIN permissions, a malicious app on an authorized phone gains unfettered access to any Bluetooth device (e.g., Blood Glucose meter, etc.). Here we further show that sensitive text messages from online banking services and social networks (account balance, password reset links, etc.) are completely exposed to any app …
In NDSS, 2015.

Android phone manufacturers are under the perpetual pressure to move quickly on their new models, continuously customizing Android to fit their hardware. However, the security implications of this practice are less known, particularly when it comes to the changes made to Android’s Linux device drivers, e.g., those for camera, GPS, NFC etc. In this paper, we report the first study aimed at a better understanding of the security risks in this customization process. Our study is based on ADDICTED, a new tool we built for …
In S&P, 2014.

Push messaging is among the most important mobile-cloud services, offering critical supports to a wide spectrum of mobile apps. This service needs to coordinate complicated interactions between developer servers and their apps in a large scale, making it error prone. With its importance, little has been done, however, to understand the security risks of the service. In this paper, we report the first security analysis on those push-messaging services, which reveals the pervasiveness of subtle yet significant security …
In CCS, 2014.