Blog8 - MoST 2017: Mobile Security Technologies 2017 Science 

MoST 2017: Mobile Security Technologies 2017

We now catch up to our very recent MoST conference! Join us as we discuss the conference that was held just this May at The Fairmont Hotel in California. We’ve been at this a while and we’re still going strong!

Since 2012, we’ve been proving a think tank for practitioners, researchers, and developers of mobile systems. They gather to explore the latest concepts and advances in the field of mobile security, privacy, and application. We’ve gathered quite the submission batch this year!

s1 - MoST 2017: Mobile Security Technologies 2017

For this year’s conference, we were honored to have Dan Wallach as our keynote speaker. He has an M.A. and PhD from Princeton University. He is presently a professor in the Departments of Computer Science and Computer Engineering and a Rice Scholar at the Baker Institute for Public Police at Rice University. Wallach’s research touches upon the topics of computer security which include electronic voting systems. As you may infer, this is quite crucial in ensuring that the true voice of democracy is heard and applied. Wallach spoke about “What, exactly, is different or new about mobile security?” His take on the topic is timely and relevant. While there have been major advancements in mobile security, the vulnerabilities have evolved as well. Having a clear refresher on what we have all accomplished through the years a great starting point for future generations of experts.

Like how we’ve looked back to the past conferences we’ve done, Wallach pinpoints where we can all still improve.

We also invited Earlence Fernandes to give a talk. Mr. Fernandes is a security researcher for “The Internet of Things”. He holds a PhD in Computer Science from the University of Michigan. The concept of ‘the Internet of things’ refers to the smart home applications that control appliances and even home security. He spoke about “Internet of Things Security: What, Why, and How”.

As more and more users are now fully integrating a smart system into their homes, it is ever more crucial that mobile device security is bolstered with better defense systems and software. The dangers of getting your home hacked are terrifying; smart systems also include locking mechanisms, security cameras, and HVAC systems.

In 2016, there has been an alarming rate of compromised home security systems in smart homes. It is important that we all address how ready we are for an integrated system. While convenience is good, is it worth sacrificing everything else? What fail safe practices are available for smart home systems?

Experts work round the clock to effectively identify and isolate vulnerabilities. No longer are mobile devices limited to cell phones, tablets, and laptops. Now there are wearable mobile devices that contain information like user location. These devices are made to work seamlessly with each other. If one is corrupted, how secure are the others?

s2 - MoST 2017: Mobile Security Technologies 2017

This is something that we shall continue to explore in the years to come. If you’re interested in submitting your paper for next’s year’s conference, stay tuned for future announcements for topics and proper formatting.

Read More
Blog9 - Our Brand New Wearable Technology: What Safety Pitfalls Exist In Your Device? Security 

Our Brand New Wearable Technology: What Safety Pitfalls Exist In Your Device?

You would be hard pressed to find anyone who does not at least know of wearable technology. Today, we take a look at what security pitfalls exist within these wearable devices.

What is wearable technology?

We said it may be hard-pressed to find anyone who may not know of the concept. However, in the interest of the discussion, allow us to further clarify what is meant by wearable technology. These are also called “wearable gadgets”. You’ve probably seen a smart watch by Apple or Android Wear. These are classified under wearable technology.

The ones that permeate the market the most are fitness trackers. Sales of wearable electronic devices have spiked since 2015. More and more manufacturers are trying to break into the market even as we speak. However, what are the potential vulnerabilities and risks of using a wearable device?

w2 - Our Brand New Wearable Technology: What Safety Pitfalls Exist In Your Device?

Too easy to access

One of the main concerns about wearable gadgets is the fact that there is very little form of access limitation. There is no code or PIN needed to access the information stored within. So if you ever have your smart watch stolen, the thief does not need to get past an access code to get your details.

No encryption of data

The main appeal of a wearable device is that data can be transferred from the device to a larger computer system. However, it is precisely this that can be the source of trouble. While the date is transferring, it is not encrypted. So anyone who is able to do so can intercept the information and all the data would be plain to see.

As wearable technology can be used to conduct purchases, communication, and many other things, the data stored and being transferred is quite valuable to identity brokers in the black market.

Database vulnerability

Apps collect information about their end users. The logic behind this is that they use this data to further streamline the service they provide. All the data is stored in their database. Now, if someone were to target the database, there is a whole lot of information present that could be quite damaging.

Wearable devices often have a location tracker. Hackers and criminal can make use of this to determine the user’s location and take advantage of it.

w1 - Our Brand New Wearable Technology: What Safety Pitfalls Exist In Your Device?

Wearable technology is here to stay

There is no denying the sheer convenience of wearable technology. Developers are now aspiring to make use of wearable tech to provide better services in the field of healthcare. Hardware and software developers predict that wearable gadgets will be standard tools for law enforcement and medicine.

Some even say that they are looking into implantable technology. That opens a new can of worms entirely. While wearable tech does help improving the quality of life of its users, developers need to step up with regard to the mobile security of the gadget and the database.

Do you have a wearable device? Let us know if you’ve ever experienced any security risks. It always pays to be informed.

Read More
Blog11 - Is It Secure Enough for You: A Look at the "Best" Android Security Apps Computers 

Is It Secure Enough for You: A Look at the “Best” Android Security Apps

There have been a lot of “reliable” Android security apps in the market. How high is their efficacy rate? Join us as we delve into the concept of the best Android security apps to date.

Pretty much everyone has a mobile phone. It’s convenient and it helps improve the quality of life of its end users. So you probably won’t be the only one who would say they value their smartphone highly. However, despite all the benefits, there are significant pitfalls as well. Unscrupulous people always aim to target smartphones; knowing quite well that there’s sensitive information they can take advantage of. With that in mind, just how can you secure your mobile device?

While there are built-in security measures for Android phones, it always pays to go the extra mile. Security apps available in the market and we’ve taken a closer look at some touted as the “Best”. To note, these can help but if your phone is beyond repair, consider iphone repair nashville and have your device restored to it’s original efficiency.

Avast Antivirus & Security

One of the security apps that offer a vast range of security tools, this has the ready antivirus protection and provides a web shield that scans all URLs for malware. Avast has an impressive almost perfect detection rate for any threats and malware attacks.

There is a free and a paid version of this app.

Avira Antivirus Security

This Android app has both a paid and a free version. It has a minimal design to it that suits most Zen aesthetic. What can set this app apart from the rest is the fact that it lets its users scan apps for risks and vulnerabilities prior to installation.

y1 - Is It Secure Enough for You: A Look at the "Best" Android Security Apps

This app has anti-theft tools so, as a user, you have a stronger layer of protection versus actual physical theft of your device. It has a device tracker and remote access. So you can lock, wipe, or even trigger an alarm. It’s quite helpful.

Both are good in the sense that they have over 97% efficacy rate in determining risks and attacks. The extra features are a bonus. Most phone users do not realize that having an antivirus on their device is necessary. If you’re reading this and you don’t have one for your device, it would be in your best interest to get one now.

End users have as much responsibility toward the security of their device as hardware and software developers do. If you have any questions or want a recommendation, feel free to send us a message.

Read More
Blog7 - MoST 2016: Mobile Security Technologies 2016 Computers 

MoST 2016: Mobile Security Technologies 2016

Continuing our discussion about our MoST conferences, we move on to 2016. The Mobile Security Technologies 2016 conference was held at The Fairmont Hotel in California. Like every year previously, we aspire to bring together the pioneers and newest minds in the field of research, software development, and policy development.

MoST is always held as part of the IEEE Computer Society Security and Privacy Workshops. On this year, we had Patric McDaniel as our keynote speaker. Professor McDaniel is part of the School of Electrical Engineering and Computer Science at The Pennsylvania State University. He delivered a talk entitled “Learning from Ourselves: Where are we and where can we go in mobile systems security?”

He explored the era of security research of smart mobile systems. He highlighted the lessons learned and lessons that should have been learned. He also touched upon the opportunities and limitations of markets and their providers.

2016 was the year wherein the first session focused up the concepts of risks in mobile transactions, grayware, and target fragmentation. Grayware refers to malicious code or software like adware, spyware, and trackware.

g2 - MoST 2016: Mobile Security Technologies 2016

As more and more end users make use of their devices to do transactions, these became the norm target for hackers. It was said that 10% of Android devices suffer from malware attacks every three months. Malware targets sensitive information like personal banking information. If you make use of your mobile device to look up your account balance, this is exactly what hackers try to gain access to. Certain forms of threats aren’t always so obvious.

The act of shoulder surfing, either physically or with the use of cameras, is a well-known method of stealing your passwords and other sensitive details. Yes, this is a thing. Researchers have found that while more and more individuals are looking into the depths of their devices for potential risks, there is even less thought given to physical risks.

The second session of the MoST 2016 conference focused on browser history stealing and inferring activity from smart home network traffic. Browser history data, particularly the key-logged passwords and usernames are quite valuable. If you’ve ever made the habit of telling your device to “remember this password”, you’re opening yourself up to a vulnerability. Personal websites like dating ones are often the target of hackers. The AsheleyMadison.com hack is one such example.

The third and last session of that day focused on defenses. There was an interesting discussion regarding the classification of Android malware based on their runtime behavior. It is comforting to know that we have budding and established professionals who are working around the clock to determine threats.

g1 - MoST 2016: Mobile Security Technologies 2016

Mitigating threats is one of the key purposes of mobile security. Threats are becoming more sophisticated and smarter each day. It would only make sense if our defense systems were to evolve as well. The only catch is: how soon can our defenses adapt and block out evolving threats? It is a good thing for everyone that we’ve got good people on our side.

Read More
Blog6 - Be Fully Aware: The Latest Threats to Your Mobile Device Security Security 

Be Fully Aware: The Latest Threats to Your Mobile Device Security

We at MOSTCONF are wholly dedicated to providing relevant discussions about mobile device security. With the continued increase in threats and vulnerabilities, it is important to be aware.

What is mobile security?

It is the active protection of smartphones, tablets, and other mobile devices. The goal is to defend these devices and the networks they connect to from risks and vulnerabilities.

What are mobile security threats?

If there are viruses for computer systems, there are several security threats that are made specifically to affect mobile devices. These are broken down to different categories which derive from where the threat is based: applications, web, network, and physical.

Application-Based Issues

One of the best virtues of smartphone is the applications that users can utilize for a variety of purposes. However, it was only a matter of time before criminal intent was applied. Unsuspecting users end up downloading innocuous looking apps, not realizing that these were made to penetrate security systems. It should be noted as well that even legitimate applications can be exploited for ill intent.

App based hazards normally fall under these categories: malware, spyware, privacy threats, and vulnerable apps. Nowadays it’s not unusual to hear about mobile ransomware. Ransomware refers to programs that target important files and documents. These are then encrypted and are only released back to their owners pending a financial transaction.

Spyware collates data without your knowledge. A similar issue was that of Carrier IQ.

Web-Based Issues

One of the greatest things about mobile phones is that it can now connect to the internet. Web-based threats are normally confined to actual computer systems.

 Empowering users is a good way to avoid phishing scams, adware, viruses, and worms.

h1 - Be Fully Aware: The Latest Threats to Your Mobile Device Security

Network Issues

If you’ve ever been warned to avoid “free” public Wi-Fi, you’d be wise to do so. Public Wi-Fi is intrinsically unsecure. Hackers can intercept critical information like credit cards, names, and addresses. If you use public Wi-Fi, it would be best to treat it like everything you do can be seen by a third-party.

Physical Issues

There is a reason why phones are often targets of physical robberies. Not only is the hardware worth a lot of money, the information criminals can harvest from the physical phone is worth even more. Identity theft, the fraudulent use of another person’s information, is a booming market.

Terrible people used to go through mailboxes and trash bins to find sensitive information. Now, they target mobile devices.

h2 - Be Fully Aware: The Latest Threats to Your Mobile Device Security

You are part of your security

As there will be more and more threats that will be launched, it is paramount that users be made part of the defense of their mobile devices. While hardware and software developers are constantly coming up with better ways to safeguard their users, it is the users themselves who must stop undermining security efforts.

It is important to read up on the latest threats and vulnerabilities your system is exposed to. Avoid unfamiliar apps and suspicious public Wi-Fi access. In the end, the strongest point of security is you.

Read More
Blog5 - MoSt 2015: Mobile Security Technologies 2015 Computers Security 

MoSt 2015: Mobile Security Technologies 2015

We move on to the next in our series of hindsight discussions. Today, we discuss Mobile Security Technologies 2015. Join us as we look back on thoughtful discussions we had that year. Like previous years, MoST brought together brilliant minds that continued to blaze trails in the fields of mobile security.

This year’s keynote speaker was Adrian Ludwig, a head engineer for Android security at Google. He holds a BA in Mathematics from Williams College and an MBA from the University of California in Berkeley. He discussed Android Security Data and Research Directions. It was a thoughtful discussion regarding Google’s complete dedication to providing end users with upgraded protection from malware and other forms of cyber attacks.

d2 - MoSt 2015: Mobile Security Technologies 2015

This was quite relevant that year as a staggering amount of T-Mobile users had their information compromised. Granted, that their details were taken after the company Experian was hacked. However, this hack was damaging as it took a lot of crucial personal data from users. These are critical information that could, at any point in time, be carried by mobile devices.

Mobile devices have seen a total spike in malware attacks which particularly target programs and applications that have transactional value. At least 25% of all mobile devices have encountered threats each month. This comes after 2014 where in 1 in 5 Android users have experience a mobile threat. iOS users were not in the clear as well. In the year 2015, iOS users had experienced a 262% increase in the number of vulnerabilities since 2011.

While much has been done to provide end users with better applications, user complacency has always been a large factor in mobile security. A lot of users still install apps and software from unverified sources. Another source of vulnerability is the fact that end users dig in their heels when it comes to OS updates. The greatest vulnerability that permeates mobile devices would be users that jailbreak or root their units in order to access free programs.

We cannot place enough emphasis on that last one. When you jailbreak your phone, your actions completely remove your phone’s built-in security features. Every researcher who has spoken at MoST have placed critical emphasis on educating end users and making them part of keeping their mobile security intact.

d1 - MoSt 2015: Mobile Security Technologies 2015

A submission entitled “Analyzing End Users’ Knowledge and Feelings Surrounding Smartphone Security and Privacy” stressed the drastic increase of threats that users face. This paper proposed that researchers must focus on security by default mechanisms. These should be configured in a simple manner as to not alienate less technical savvy users. They clarified that additional empirical research must be done better understand how an end user can be made an intrinsic part of their mobile device security. If end users are made aware of threats and mitigations, they will be better equipped to protect their assets.

MoST has continued to provide much needed spotlight on fresh perspectives that trickle into what we know mobile security is today. It is a completely wonderful achievement for all.

Read More
Blog4 - MoST 2014: Mobile Security Technologies 2014 Math Science 

MoST 2014: Mobile Security Technologies 2014

Today, we look back on our 2014 MoST Conference. This was held on May 17th, 2014 at The Fairmont Hotel in California. Let us explore the wisdom we managed to collect that day. Like the MoST conference the year before, our goal remains the same. We always aim to gather policy makers, hardware and software developers and provide a space to positively explore the advancements that mobile security has achieved in the past year.

Unlike previous years, the program did not start with the keynote speaker. Instead, the session focusing on Contextual Authentication and Privacy came first. In this session, there was quite an interesting paper submitted by students from the University of Massachusetts Amherst. It was entitled “Location Privacy without Carrier Cooperation”. It discussed how there was a need to preserve a phone user’s privacy from cellular network providers.

It was interesting in the sense that it brought emphasis to the fact that network providers could track the location of cell users as they make use of their devices. It relied on the signals being transmitted from the phone towards different towers and back. Most mobile device users were not fully aware of the dangers of this.

img3 - MoST 2014: Mobile Security Technologies 2014

The session that followed was all about Protection. A presentation was given by University of Waterloo students entitled “Two Novel Defenses against Motion-Based Keystroke Inference Attacks”. Their paper discussed how while certain sensors in phones gather information to provide their users with better functionality, it also carried a risk of potentially leaking the user’s private information. Malicious apps that can be installed by an unsuspecting user can specifically target the accelerometer and gyroscope data of mobile devices. The students discussed methods in which to defend against keystroke attacks.

These are the sort of discussions that we welcome wholeheartedly. Their experiments could unlock better ways to providing users with a boost in their mobile security.

At this point in time, smartphone users were consistently being targeted. The greatest commodity that attackers want is end user identity. Identity theft is an ever growing concern and people should fully be aware about it.

2014’s keynote speaker was Dawn Song. Her research primarily lies in security and privacy issues in computer systems and networks. At this point in time, she was an Associate Professor of Computer Science at UC Berkeley. She gave a talk entitled “Ask us before you download: Lessons from Analyzing 3 Million Android Apps”. She brought up the fact that there are apps out there that may look and seem innocuous but do in fact, have malware buried deep in their coding. The more common applications to have these are games apps and fake social media apps. Mimic apps have also seen a rise in 2014.

This is an issue that we still see today. Researchers continue to find more and more malware-infested applications in Google Play. It is refreshing to realize that issues such as these were already being discussed in 2014. Hindsight is truly a good way to appreciate discourse achievement

Read More
Blog3 - MoST Preparations: Submission Formatting and Topics Computers Security 

MoST Preparations: Submission Formatting and Topics

We’ve discussed receiving submissions for the conferences we’ve held. Today, we share the sort of formats and submissions that we are always looking out for. As always, our conferences are geared toward bringing together researchers, practitioners, and developers of mobile systems. Our goal is to provide an area in which we may all further explore the precepts of mobile security and its vulnerabilities.

In the interest of future preparation, we’ll be sharing the categories and requirements for submission entries. We accept both short (2-4 pages) and long (10 pages maximum) papers. To provide you an example, for the 2014 MoST conference, the submissions we received touched upon the topics of:

  • Privacy
  • Vulnerabilities of cloud storage
  • Secured communication networks
  • The economic impact of security and privacy tech
  • Operating systems

The other topics that MoST 2014 aimed to discuss are: device hardware, middleware, secure app development tools and practices, usable security, identity and access control, specialized applications, secure apps and application markets.

img1 - MoST Preparations: Submission Formatting and Topics

The papers which were accepted were all published online in the workshop proceedings. It is to be noted that we strictly enforce that submissions must be original and cannot be simultaneously submitted to other journals or conferences.

We believe in impartial review. As such, we always request that papers are formatted to suit anonymous review. Papers must have no author names or affiliations presented on the title page. The author must always be careful to avoid revealing who they are through any of the passages of their findings. When referring to previous works or findings, it is required to refer to them as if they were done by someone else. We expect strict compliance. Papers that do not adhere to this are immediately rejected without review.

If you are interested in submitting any papers for any of our workshops or conferences, allow us now to discuss page limits and formatting.

Short Submissions: Short paper submissions must not exceed four pages.
Long Submissions: Long papers must not exceed ten pages. This shall include all references and appendices.

We require submissions be formatted for US letter size paper. Margins are set at ¾ on all sides. All text shall be formatted in a two-column layout. These columns are not to be more than 9 inches in height and 3 inches in length. All text must be in the font of Times New Roman. We encourage those who aim to submit their works to make use of the IEEE conference proceeding templates.

img2 - MoST Preparations: Submission Formatting and Topics

Once you are satisfied with your discourse, it’ll be time to submit. All submissions must be in PDF form and error free.  For our 2014 conference, the submission deadline was by March 10th. We’ve been fortunate to have IBM Research’s Kapil Singh as our program chair. We’ve had the pleasure of having program committee members that come from establishes tech companies and universities.

Every MoST conference aims to build the network of those greatly interested in bettering everyone’s mobile security. We should strive to work together.

Read More
Blog2 - MoST 2013: Mobile Security Technologies 2013 Math Science 

MoST 2013: Mobile Security Technologies 2013

Continuing our trend of appreciating what we have achieved, this month we discuss MoST 2013. Join us as we provide clear hindsight to one of the events that raised awareness for mobile security. A year in our time pretty much equals ten years in the field of mobile security. It was the year 2013 that the world what introduced to the concepts of Augmented Reality (AR), “Checking In”, and many others.

We brought together some of the best researchers and practitioners to further explore new advances in privacy and security for mobile devices, systems, and other applications. For 2013, our keyword speaker was David Molnar, a researcher at Microsoft Research. Molnar holds a PhD from the University of California.

His discussion was entitled: “Security and Privacy Challenges in Mobile Augmented Reality”. For those unfamiliar with the concept, AR is the tech that superimposes a computer generated image (CGI) upon the user’s view which creates an overlay view. This was popularized by the Nintendo 3DS when it had launched in 2011.

Molnar placed emphasis on privacy concerns for its many users. AR was primarily used in consoles like the Microsoft Kinect and certain mobile applications. Today, you would know this to be what is used for the popular mobile app Pokemon GO. Molnar also touched upon the positive security and privacy apps that are now enabled because of AR.

m2 - MoST 2013: Mobile Security Technologies 2013

Carrying on from last year’s program, there were different sessions that discussed different facets of mobile security. They touched specifically on location and permission, authentication, and privacy and attacks.

There were papers and studies presented by a number of students and professionals. One presentation entitled “Quantifying the Effects of Removing Permissions from Android Applications” was quite interesting. They developed a system for evaluating the supposed effects of removing individual permissions from applications. They found that not all permissions are created equal.

Another study of note was Salvador Mandujano from Intel Corporation. His discussion was entitled “Privacy in the Mobile Hardware Space: Threats and Design Considerations”. It was a survey of the common privacy threats that would be applicable to the hardware of mobile platforms. The study further clarified what mobile malware was and what it does. This placed much emphasis on the need to up the defense of mobile devices. It also presented that hardware and embedded firmware development must take into consideration the risks that are ever present in the sphere of mobile security.

It was a productive conference in the sense that people got a better understanding of the evolving threats that could pounce at any moment. The researchers and speakers placed a lot of emphasis on the fact that there seems to be an alarming disregard for the privacy of users with regard to app permissions and app functionality.

2013 brought light to an issue that really needed attention: the risks brought on by geo-tagging and app permissions. Mobile devices are here to stay so it would be in everyone’s best interest to find better ways to secure it.

Read More
Blog - MoST 2012: Mobile Security Technologies 2012 Computers Security 

MoST 2012: Mobile Security Technologies 2012

One of the best ways to know where you’re going is by looking behind you. Today, we take a look at some of our past conferences that you can use as a comparison point for latter events.

This conference was held last May 24 in the year 2012 in Westin St. Francis Hotel in San Francisco. We brought together practitioners and policy makers that helped attendees explore the mobile security advances of that time. This conference had both on-site and online registration for the workshops available that day.

We had Peter Eckersley come in and give a talk about Carrier IQ, quite the cause for controversy back then. It was found that Carrier IQ gathered data on its users and were not transparent regarding what the date was used for. Carrier IQ was formerly partnered with corporate giants like Sprint, AT&T, and even T-Mobile. Eckersley’s talk was entitled “Spies in our Pockets: Lessons from the Carrier IQ Scandal about Privacy and Transparency on Contemporary Cellular Networks.”

Carrier IQ was a privately held operation in California. In 2015, Carrier IQ was acquired by AT&T. It is unknown whether or not AT&T has scrapped the software which was able to monitor on-screen selections.

Eckersley, at the time, did technical policy work on a variety of issues which ranged from privacy to network neutrality. From there, MoST 2012 went on to have other Speakers present papers. These short position papers were submitted to discuss the topics of vulnerabilities and remediation techniques, risks in networks or clouds, and many more.

m1 - MoST 2012: Mobile Security Technologies 2012

At this point in time, it was evident that mobile security was something that needed surveillance from the general public. The outcry that had followed the Carrier IQ controversy showed that users cared quite deeply about their personal information and what it could be used for.

This particular conference also brought in people from Dalhousie University and IBM T.J Watson Research Center to discuss the concept of the Mobile Web. This session’s chair was Larry Koved. The afternoon session comprised of a discussion about Application Security and Privacy. Students from Seoul National University shared their research regarding a static analyzer that could detect privacy leaks in Android apps. Students from Virginia Tech shared their analysis on malicious mobile apps. A short break followed.

MoST 2012 was a success in bringing together like-minded individuals. We provided a safe space wherein the pioneers of latter technological advances were able to have a soundboard for their studies and analysis. If there was anything that we learned from this, it was the fact that the concept of mobile security and privacy was something to be safeguarded.

At that point in time, Apple and Samsung were all launching smartphones. They launched mobile devices that allowed users to purchase anything with a tap of a screen. This capability pretty much announced to the world that sensitive information was there for the taking. These mobile devices were infinitely alluring targets for hackers. That is why we strive to promote mobile security.

Read More