Computer Science Seminar: “Security Issues of Mobile and Smart Wearable Devices”

Wednesday 22 November 2017, 16:30 - Meeting Room, 7th Floor - Hossein Fereidooni


On Wednesday 22 November 2017 at 16:30, in the Meeting Room on the 7th floor, Hossein Fereidooni (Università degli Studi di Padova / TU Darmstadt) will give a seminar titled “Security Issues of Mobile and Smart Wearable Devices”.

Mobile and smart devices (ranging from popular smartphones and tablets to wearable fitness trackers equipped with sensing, computing and networking capabilities) have proliferated lately and redefined the way users carry out their day-to-day activities. These devices bring immense benefits to society and boast improved quality of life for users. As mobile and smart technologies become increasingly ubiquitous, the security of these devices becomes more urgent, and users should take precautions to keep their personal information secure. Privacy has also been called into question, as so many mobile and smart devices collect and process huge quantities of data and, as a matter of fact, store them in the cloud. Ensuring the confidentiality, integrity, and authenticity of this information is a cybersecurity challenge with no easy solution.
This talk deals with the security problems of mobile and smart devices, providing specific methods for improving current security solutions.
In the first part of this talk, we study methods and techniques to help security analysts tackle mobile malware and automate the identification of malicious applications. First, we introduce a Secure Message Delivery (SMD) protocol for Device-to-Device (D2D) networks, with the primary objective of choosing the most secure path to deliver a message from a sender to a destination in a multi-hop D2D network. Second, we present a survey that investigates concrete and relevant questions concerning Android code obfuscation and protection techniques, with the purpose of reviewing code obfuscation and code protection practices. Finally, we propose a machine learning-based detection framework to hunt malicious Android apps, introducing a system that detects and classifies newly discovered malware by analyzing applications.
The second part of the talk conducts an in-depth security analysis of the most popular wearable fitness trackers on the market. First, we analyze the primitives governing the communication between fitness trackers and cloud-based services. In addition, we investigate communication requirements in this setting, namely: (i) data confidentiality, (ii) data integrity, and (iii) data authenticity. Second, we show real-world demos of how modern wearable devices are vulnerable to false data injection attacks. We also document the successful injection of falsified data into cloud-based services, where the data appears legitimate to the cloud, in order to obtain personal benefits. Third, we circumvent the end-to-end protocol encryption implemented in the most advanced and secure fitness trackers (e.g., Fitbit, as the market leader) through hardware-based reverse engineering. Last but not least, we provide guidelines for avoiding similar vulnerabilities in future system designs.

