Blog4 - MoST 2014: Mobile Security Technologies 2014 Math Science 

MoST 2014: Mobile Security Technologies 2014

Today, we look back on our 2014 MoST Conference. This was held on May 17th, 2014 at The Fairmont Hotel in California. Let us explore the wisdom we managed to collect that day. Like the MoST conference the year before, our goal remains the same. We always aim to gather policy makers, hardware and software developers and provide a space to positively explore the advancements that mobile security has achieved in the past year.

Unlike previous years, the program did not start with the keynote speaker. Instead, the session focusing on Contextual Authentication and Privacy came first. In this session, there was quite an interesting paper submitted by students from the University of Massachusetts Amherst. It was entitled “Location Privacy without Carrier Cooperation”. It discussed how there was a need to preserve a phone user’s privacy from cellular network providers.

It was interesting in the sense that it brought emphasis to the fact that network providers could track the location of cell users as they make use of their devices. It relied on the signals being transmitted from the phone towards different towers and back. Most mobile device users were not fully aware of the dangers of this.

img3 - MoST 2014: Mobile Security Technologies 2014

The session that followed was all about Protection. A presentation was given by University of Waterloo students entitled “Two Novel Defenses against Motion-Based Keystroke Inference Attacks”. Their paper discussed how while certain sensors in phones gather information to provide their users with better functionality, it also carried a risk of potentially leaking the user’s private information. Malicious apps that can be installed by an unsuspecting user can specifically target the accelerometer and gyroscope data of mobile devices. The students discussed methods in which to defend against keystroke attacks using IPS or network/bandwidth analysis tools.

These are the sort of discussions that we welcome wholeheartedly. Their experiments could unlock better ways to providing users with a boost in their mobile security.

At this point in time, smartphone users were consistently being targeted. The greatest commodity that attackers want is end user identity. Identity theft is an ever growing concern and people should fully be aware about it.

2014’s keynote speaker was Dawn Song. Her research primarily lies in security and privacy issues in computer systems and networks. At this point in time, she was an Associate Professor of Computer Science at UC Berkeley. She gave a talk entitled “Ask us before you download: Lessons from Analyzing 3 Million Android Apps”. She brought up the fact that there are apps out there that may look and seem innocuous but do in fact, have malware buried deep in their coding. The more common applications to have these are games apps and fake social media apps. Mimic apps have also seen a rise in 2014.

This is an issue that we still see today. Researchers continue to find more and more malware-infested applications in Google Play. It is refreshing to realize that issues such as these were already being discussed in 2014. Hindsight is truly a good way to appreciate discourse achievement

Read More
Blog2 - MoST 2013: Mobile Security Technologies 2013 Math Science 

MoST 2013: Mobile Security Technologies 2013

Continuing our trend of appreciating what we have achieved, this month we discuss MoST 2013. Join us as we provide clear hindsight to one of the events that raised awareness for mobile security. A year in our time pretty much equals ten years in the field of mobile security. It was the year 2013 that the world what introduced to the concepts of Augmented Reality (AR), “Checking In”, and many others.

We brought together some of the best researchers and practitioners to further explore new advances in privacy and security for mobile devices, systems, and other applications. For 2013, our keyword speaker was David Molnar, a researcher at Microsoft Research. Molnar holds a PhD from the University of California.

His discussion was entitled: “Security and Privacy Challenges in Mobile Augmented Reality”. For those unfamiliar with the concept, AR is the tech that superimposes a computer generated image (CGI) upon the user’s view which creates an overlay view. This was popularized by the Nintendo 3DS when it had launched in 2011.

Molnar placed emphasis on privacy concerns for its many users. AR was primarily used in consoles like the Microsoft Kinect and certain mobile applications. Today, you would know this to be what is used for the popular mobile app Pokemon GO. Molnar also touched upon the positive security and privacy apps that are now enabled because of AR.

m2 - MoST 2013: Mobile Security Technologies 2013

Carrying on from last year’s program, there were different sessions that discussed different facets of mobile security. They touched specifically on location and permission, authentication, and privacy and attacks.

There were papers and studies presented by a number of students and professionals. One presentation entitled “Quantifying the Effects of Removing Permissions from Android Applications” was quite interesting. They developed a system for evaluating the supposed effects of removing individual permissions from applications. They found that not all permissions are created equal.

Another study of note was Salvador Mandujano from Intel Corporation. His discussion was entitled “Privacy in the Mobile Hardware Space: Threats and Design Considerations”. It was a survey of the common privacy threats that would be applicable to the hardware of mobile platforms. The study further clarified what mobile malware was and what it does. This placed much emphasis on the need to up the defense of mobile devices. It also presented that hardware and embedded firmware development must take into consideration the risks that are ever present in the sphere of mobile security.

It was a productive conference in the sense that people got a better understanding of the evolving threats that could pounce at any moment. The researchers and speakers placed a lot of emphasis on the fact that there seems to be an alarming disregard for the privacy of users with regard to app permissions and app functionality.

2013 brought light to an issue that really needed attention: the risks brought on by geo-tagging and app permissions. Mobile devices are here to stay so it would be in everyone’s best interest to find better ways to secure it.

Read More