Blog7 - MoST 2016: Mobile Security Technologies 2016 Computers 

MoST 2016: Mobile Security Technologies 2016

Continuing our discussion about our MoST conferences, we move on to 2016. The Mobile Security Technologies 2016 conference was held at The Fairmont Hotel in California. Like every year previously, we aspire to bring together the pioneers and newest minds in the field of research, software development, and policy development.

MoST is always held as part of the IEEE Computer Society Security and Privacy Workshops. On this year, we had Patric McDaniel as our keynote speaker. Professor McDaniel is part of the School of Electrical Engineering and Computer Science at The Pennsylvania State University. He delivered a talk entitled “Learning from Ourselves: Where are we and where can we go in mobile systems security?”

He explored the era of security research of smart mobile systems. He highlighted the lessons learned and lessons that should have been learned. He also touched upon the opportunities and limitations of markets and their providers.

2016 was the year wherein the first session focused up the concepts of risks in mobile transactions, grayware, and target fragmentation. Grayware refers to malicious code or software like adware, spyware, and trackware.

g2 - MoST 2016: Mobile Security Technologies 2016

As more and more end users make use of their devices to do transactions, these became the norm target for hackers. It was said that 10% of Android devices suffer from malware attacks every three months. Malware targets sensitive information like personal banking information. If you make use of your mobile device to look up your account balance, this is exactly what hackers try to gain access to. Certain forms of threats aren’t always so obvious.

The act of shoulder surfing, either physically or with the use of cameras, is a well-known method of stealing your passwords and other sensitive details. Yes, this is a thing. Researchers have found that while more and more individuals are looking into the depths of their devices for potential risks, there is even less thought given to physical risks.

The second session of the MoST 2016 conference focused on browser history stealing and inferring activity from smart home network traffic. Browser history data, particularly the key-logged passwords and usernames are quite valuable. If you’ve ever made the habit of telling your device to “remember this password”, you’re opening yourself up to a vulnerability. Personal websites like dating ones are often the target of hackers. The AsheleyMadison.com hack is one such example.

The third and last session of that day focused on defenses. There was an interesting discussion regarding the classification of Android malware based on their runtime behavior. It is comforting to know that we have budding and established professionals who are working around the clock to determine threats.

g1 - MoST 2016: Mobile Security Technologies 2016

Mitigating threats is one of the key purposes of mobile security. Threats are becoming more sophisticated and smarter each day. It would only make sense if our defense systems were to evolve as well. The only catch is: how soon can our defenses adapt and block out evolving threats? It is a good thing for everyone that we’ve got good people on our side.

Read More
Blog6 - Be Fully Aware: The Latest Threats to Your Mobile Device Security Security 

Be Fully Aware: The Latest Threats to Your Mobile Device Security

We at MOSTCONF are wholly dedicated to providing relevant discussions about mobile device security. With the continued increase in threats and vulnerabilities, it is important to be aware.

What is mobile security?

It is the active protection of smartphones, tablets, and other mobile devices. The goal is to defend these devices and the networks they connect to from risks and vulnerabilities.

What are mobile security threats?

If there are viruses for computer systems, there are several security threats that are made specifically to affect mobile devices. These are broken down to different categories which derive from where the threat is based: applications, web, network, and physical.

Application-Based Issues

One of the best virtues of smartphone is the applications that users can utilize for a variety of purposes. However, it was only a matter of time before criminal intent was applied. Unsuspecting users end up downloading innocuous looking apps, not realizing that these were made to penetrate security systems. It should be noted as well that even legitimate applications can be exploited for ill intent.

App based hazards normally fall under these categories: malware, spyware, privacy threats, and vulnerable apps. Nowadays it’s not unusual to hear about mobile ransomware. Ransomware refers to programs that target important files and documents. These are then encrypted and are only released back to their owners pending a financial transaction.

Spyware collates data without your knowledge. A similar issue was that of Carrier IQ.

Web-Based Issues

One of the greatest things about mobile phones is that it can now connect to the internet. Web-based threats are normally confined to actual computer systems.

 Empowering users is a good way to avoid phishing scams, adware, viruses, and worms.

h1 - Be Fully Aware: The Latest Threats to Your Mobile Device Security

Network Issues

If you’ve ever been warned to avoid “free” public Wi-Fi, you’d be wise to do so. Public Wi-Fi is intrinsically unsecure. Hackers can intercept critical information like credit cards, names, and addresses. If you use public Wi-Fi, it would be best to treat it like everything you do can be seen by a third-party.

Physical Issues

There is a reason why phones are often targets of physical robberies. Not only is the hardware worth a lot of money, the information criminals can harvest from the physical phone is worth even more. Identity theft, the fraudulent use of another person’s information, is a booming market.

Terrible people used to go through mailboxes and trash bins to find sensitive information. Now, they target mobile devices.

h2 - Be Fully Aware: The Latest Threats to Your Mobile Device Security

You are part of your security

As there will be more and more threats that will be launched, it is paramount that users be made part of the defense of their mobile devices. While hardware and software developers are constantly coming up with better ways to safeguard their users, it is the users themselves who must stop undermining security efforts.

It is important to read up on the latest threats and vulnerabilities your system is exposed to. Avoid unfamiliar apps and suspicious public Wi-Fi access. In the end, the strongest point of security is you.

Read More
Blog5 - MoSt 2015: Mobile Security Technologies 2015 Computers Security 

MoSt 2015: Mobile Security Technologies 2015

We move on to the next in our series of hindsight discussions. Today, we discuss Mobile Security Technologies 2015. Join us as we look back on thoughtful discussions we had that year. Like previous years, MoST brought together brilliant minds that continued to blaze trails in the fields of mobile security.

This year’s keynote speaker was Adrian Ludwig, a head engineer for Android security at Google. He holds a BA in Mathematics from Williams College and an MBA from the University of California in Berkeley. He discussed Android Security Data and Research Directions. It was a thoughtful discussion regarding Google’s complete dedication to providing end users with upgraded protection from malware and other forms of cyber attacks.

d2 - MoSt 2015: Mobile Security Technologies 2015

This was quite relevant that year as a staggering amount of T-Mobile users had their information compromised. Granted, that their details were taken after the company Experian was hacked. However, this hack was damaging as it took a lot of crucial personal data from users. These are critical information that could, at any point in time, be carried by mobile devices.

Mobile devices have seen a total spike in malware attacks which particularly target programs and applications that have transactional value. At least 25% of all mobile devices have encountered threats each month. This comes after 2014 where in 1 in 5 Android users have experience a mobile threat. iOS users were not in the clear as well. In the year 2015, iOS users had experienced a 262% increase in the number of vulnerabilities since 2011.

While much has been done to provide end users with better applications, user complacency has always been a large factor in mobile security. A lot of users still install apps and software from unverified sources. Another source of vulnerability is the fact that end users dig in their heels when it comes to OS updates. The greatest vulnerability that permeates mobile devices would be users that jailbreak or root their units in order to access free programs.

We cannot place enough emphasis on that last one. When you jailbreak your phone, your actions completely remove your phone’s built-in security features. Every researcher who has spoken at MoST have placed critical emphasis on educating end users and making them part of keeping their mobile security intact.

d1 - MoSt 2015: Mobile Security Technologies 2015

A submission entitled “Analyzing End Users’ Knowledge and Feelings Surrounding Smartphone Security and Privacy” stressed the drastic increase of threats that users face. This paper proposed that researchers must focus on security by default mechanisms. These should be configured in a simple manner as to not alienate less technical savvy users. They clarified that additional empirical research must be done better understand how an end user can be made an intrinsic part of their mobile device security. If end users are made aware of threats and mitigations, they will be better equipped to protect their assets.

MoST has continued to provide much needed spotlight on fresh perspectives that trickle into what we know mobile security is today. It is a completely wonderful achievement for all.

Read More
Blog4 - MoST 2014: Mobile Security Technologies 2014 Math Science 

MoST 2014: Mobile Security Technologies 2014

Today, we look back on our 2014 MoST Conference. This was held on May 17th, 2014 at The Fairmont Hotel in California. Let us explore the wisdom we managed to collect that day. Like the MoST conference the year before, our goal remains the same. We always aim to gather policy makers, hardware and software developers and provide a space to positively explore the advancements that mobile security has achieved in the past year.

Unlike previous years, the program did not start with the keynote speaker. Instead, the session focusing on Contextual Authentication and Privacy came first. In this session, there was quite an interesting paper submitted by students from the University of Massachusetts Amherst. It was entitled “Location Privacy without Carrier Cooperation”. It discussed how there was a need to preserve a phone user’s privacy from cellular network providers.

It was interesting in the sense that it brought emphasis to the fact that network providers could track the location of cell users as they make use of their devices. It relied on the signals being transmitted from the phone towards different towers and back. Most mobile device users were not fully aware of the dangers of this.

img3 - MoST 2014: Mobile Security Technologies 2014

The session that followed was all about Protection. A presentation was given by University of Waterloo students entitled “Two Novel Defenses against Motion-Based Keystroke Inference Attacks”. Their paper discussed how while certain sensors in phones gather information to provide their users with better functionality, it also carried a risk of potentially leaking the user’s private information. Malicious apps that can be installed by an unsuspecting user can specifically target the accelerometer and gyroscope data of mobile devices. The students discussed methods in which to defend against keystroke attacks.

These are the sort of discussions that we welcome wholeheartedly. Their experiments could unlock better ways to providing users with a boost in their mobile security.

At this point in time, smartphone users were consistently being targeted. The greatest commodity that attackers want is end user identity. Identity theft is an ever growing concern and people should fully be aware about it.

2014’s keynote speaker was Dawn Song. Her research primarily lies in security and privacy issues in computer systems and networks. At this point in time, she was an Associate Professor of Computer Science at UC Berkeley. She gave a talk entitled “Ask us before you download: Lessons from Analyzing 3 Million Android Apps”. She brought up the fact that there are apps out there that may look and seem innocuous but do in fact, have malware buried deep in their coding. The more common applications to have these are games apps and fake social media apps. Mimic apps have also seen a rise in 2014.

This is an issue that we still see today. Researchers continue to find more and more malware-infested applications in Google Play. It is refreshing to realize that issues such as these were already being discussed in 2014. Hindsight is truly a good way to appreciate discourse achievement

Read More
Blog3 - MoST Preparations: Submission Formatting and Topics Computers Security 

MoST Preparations: Submission Formatting and Topics

We’ve discussed receiving submissions for the conferences we’ve held. Today, we share the sort of formats and submissions that we are always looking out for. As always, our conferences are geared toward bringing together researchers, practitioners, and developers of mobile systems. Our goal is to provide an area in which we may all further explore the precepts of mobile security and its vulnerabilities.

In the interest of future preparation, we’ll be sharing the categories and requirements for submission entries. We accept both short (2-4 pages) and long (10 pages maximum) papers. To provide you an example, for the 2014 MoST conference, the submissions we received touched upon the topics of:

  • Privacy
  • Vulnerabilities of cloud storage
  • Secured communication networks
  • The economic impact of security and privacy tech
  • Operating systems

The other topics that MoST 2014 aimed to discuss are: device hardware, middleware, secure app development tools and practices, usable security, identity and access control, specialized applications, secure apps and application markets.

img1 - MoST Preparations: Submission Formatting and Topics

The papers which were accepted were all published online in the workshop proceedings. It is to be noted that we strictly enforce that submissions must be original and cannot be simultaneously submitted to other journals or conferences.

We believe in impartial review. As such, we always request that papers are formatted to suit anonymous review. Papers must have no author names or affiliations presented on the title page. The author must always be careful to avoid revealing who they are through any of the passages of their findings. When referring to previous works or findings, it is required to refer to them as if they were done by someone else. We expect strict compliance. Papers that do not adhere to this are immediately rejected without review.

If you are interested in submitting any papers for any of our workshops or conferences, allow us now to discuss page limits and formatting.

Short Submissions: Short paper submissions must not exceed four pages.
Long Submissions: Long papers must not exceed ten pages. This shall include all references and appendices.

We require submissions be formatted for US letter size paper. Margins are set at ¾ on all sides. All text shall be formatted in a two-column layout. These columns are not to be more than 9 inches in height and 3 inches in length. All text must be in the font of Times New Roman. We encourage those who aim to submit their works to make use of the IEEE conference proceeding templates.

img2 - MoST Preparations: Submission Formatting and Topics

Once you are satisfied with your discourse, it’ll be time to submit. All submissions must be in PDF form and error free.  For our 2014 conference, the submission deadline was by March 10th. We’ve been fortunate to have IBM Research’s Kapil Singh as our program chair. We’ve had the pleasure of having program committee members that come from establishes tech companies and universities.

Every MoST conference aims to build the network of those greatly interested in bettering everyone’s mobile security. We should strive to work together.

Read More
Blog2 - MoST 2013: Mobile Security Technologies 2013 Math Science 

MoST 2013: Mobile Security Technologies 2013

Continuing our trend of appreciating what we have achieved, this month we discuss MoST 2013. Join us as we provide clear hindsight to one of the events that raised awareness for mobile security. A year in our time pretty much equals ten years in the field of mobile security. It was the year 2013 that the world what introduced to the concepts of Augmented Reality (AR), “Checking In”, and many others.

We brought together some of the best researchers and practitioners to further explore new advances in privacy and security for mobile devices, systems, and other applications. For 2013, our keyword speaker was David Molnar, a researcher at Microsoft Research. Molnar holds a PhD from the University of California.

His discussion was entitled: “Security and Privacy Challenges in Mobile Augmented Reality”. For those unfamiliar with the concept, AR is the tech that superimposes a computer generated image (CGI) upon the user’s view which creates an overlay view. This was popularized by the Nintendo 3DS when it had launched in 2011.

Molnar placed emphasis on privacy concerns for its many users. AR was primarily used in consoles like the Microsoft Kinect and certain mobile applications. Today, you would know this to be what is used for the popular mobile app Pokemon GO. Molnar also touched upon the positive security and privacy apps that are now enabled because of AR.

m2 - MoST 2013: Mobile Security Technologies 2013

Carrying on from last year’s program, there were different sessions that discussed different facets of mobile security. They touched specifically on location and permission, authentication, and privacy and attacks.

There were papers and studies presented by a number of students and professionals. One presentation entitled “Quantifying the Effects of Removing Permissions from Android Applications” was quite interesting. They developed a system for evaluating the supposed effects of removing individual permissions from applications. They found that not all permissions are created equal.

Another study of note was Salvador Mandujano from Intel Corporation. His discussion was entitled “Privacy in the Mobile Hardware Space: Threats and Design Considerations”. It was a survey of the common privacy threats that would be applicable to the hardware of mobile platforms. The study further clarified what mobile malware was and what it does. This placed much emphasis on the need to up the defense of mobile devices. It also presented that hardware and embedded firmware development must take into consideration the risks that are ever present in the sphere of mobile security.

It was a productive conference in the sense that people got a better understanding of the evolving threats that could pounce at any moment. The researchers and speakers placed a lot of emphasis on the fact that there seems to be an alarming disregard for the privacy of users with regard to app permissions and app functionality.

2013 brought light to an issue that really needed attention: the risks brought on by geo-tagging and app permissions. Mobile devices are here to stay so it would be in everyone’s best interest to find better ways to secure it.

Read More
Blog - MoST 2012: Mobile Security Technologies 2012 Computers Security 

MoST 2012: Mobile Security Technologies 2012

One of the best ways to know where you’re going is by looking behind you. Today, we take a look at some of our past conferences that you can use as a comparison point for latter events.

This conference was held last May 24 in the year 2012 in Westin St. Francis Hotel in San Francisco. We brought together practitioners and policy makers that helped attendees explore the mobile security advances of that time. This conference had both on-site and online registration for the workshops available that day.

We had Peter Eckersley come in and give a talk about Carrier IQ, quite the cause for controversy back then. It was found that Carrier IQ gathered data on its users and were not transparent regarding what the date was used for. Carrier IQ was formerly partnered with corporate giants like Sprint, AT&T, and even T-Mobile. Eckersley’s talk was entitled “Spies in our Pockets: Lessons from the Carrier IQ Scandal about Privacy and Transparency on Contemporary Cellular Networks.”

Carrier IQ was a privately held operation in California. In 2015, Carrier IQ was acquired by AT&T. It is unknown whether or not AT&T has scrapped the software which was able to monitor on-screen selections.

Eckersley, at the time, did technical policy work on a variety of issues which ranged from privacy to network neutrality. From there, MoST 2012 went on to have other Speakers present papers. These short position papers were submitted to discuss the topics of vulnerabilities and remediation techniques, risks in networks or clouds, and many more.

m1 - MoST 2012: Mobile Security Technologies 2012

At this point in time, it was evident that mobile security was something that needed surveillance from the general public. The outcry that had followed the Carrier IQ controversy showed that users cared quite deeply about their personal information and what it could be used for.

This particular conference also brought in people from Dalhousie University and IBM T.J Watson Research Center to discuss the concept of the Mobile Web. This session’s chair was Larry Koved. The afternoon session comprised of a discussion about Application Security and Privacy. Students from Seoul National University shared their research regarding a static analyzer that could detect privacy leaks in Android apps. Students from Virginia Tech shared their analysis on malicious mobile apps. A short break followed.

MoST 2012 was a success in bringing together like-minded individuals. We provided a safe space wherein the pioneers of latter technological advances were able to have a soundboard for their studies and analysis. If there was anything that we learned from this, it was the fact that the concept of mobile security and privacy was something to be safeguarded.

At that point in time, Apple and Samsung were all launching smartphones. They launched mobile devices that allowed users to purchase anything with a tap of a screen. This capability pretty much announced to the world that sensitive information was there for the taking. These mobile devices were infinitely alluring targets for hackers. That is why we strive to promote mobile security.

Read More