Blog8 - MoST 2017: Mobile Security Technologies 2017 Science 

MoST 2017: Mobile Security Technologies 2017

We now catch up to our very recent MoST conference! Join us as we discuss the conference that was held just this May at The Fairmont Hotel in California. We’ve been at this a while and we’re still going strong!

Since 2012, we’ve been proving a think tank for practitioners, researchers, and developers of mobile systems. They gather to explore the latest concepts and advances in the field of mobile security, privacy, and application. We’ve gathered quite the submission batch this year!

s1 - MoST 2017: Mobile Security Technologies 2017

For this year’s conference, we were honored to have Dan Wallach as our keynote speaker. He has an M.A. and PhD from Princeton University. He is presently a professor in the Departments of Computer Science and Computer Engineering and a Rice Scholar at the Baker Institute for Public Police at Rice University. Wallach’s research touches upon the topics of computer security which include electronic voting systems. As you may infer, this is quite crucial in ensuring that the true voice of democracy is heard and applied. Wallach spoke about “What, exactly, is different or new about mobile security?” His take on the topic is timely and relevant. While there have been major advancements in mobile security, the vulnerabilities have evolved as well. Having a clear refresher on what we have all accomplished through the years a great starting point for future generations of experts.

Like how we’ve looked back to the past conferences we’ve done, Wallach pinpoints where we can all still improve.

We also invited Earlence Fernandes to give a talk. Mr. Fernandes is a security researcher for “The Internet of Things”. He holds a PhD in Computer Science from the University of Michigan. The concept of ‘the Internet of things’ refers to the smart home applications that control appliances and even home security. He spoke about “Internet of Things Security: What, Why, and How”.

As more and more users are now fully integrating a smart system into their homes, it is ever more crucial that mobile device security is bolstered with better defense systems and software. The dangers of getting your home hacked are terrifying; smart systems also include locking mechanisms, security cameras, and HVAC systems.

In 2016, there has been an alarming rate of compromised home security systems in smart homes. It is important that we all address how ready we are for an integrated system. While convenience is good, is it worth sacrificing everything else? What fail safe practices are available for smart home systems?

Experts work round the clock to effectively identify and isolate vulnerabilities. No longer are mobile devices limited to cell phones, tablets, and laptops. Now there are wearable mobile devices that contain information like user location. These devices are made to work seamlessly with each other. If one is corrupted, how secure are the others?

s2 - MoST 2017: Mobile Security Technologies 2017

This is something that we shall continue to explore in the years to come. If you’re interested in submitting your paper for next’s year’s conference, stay tuned for future announcements for topics and proper formatting.

Read More
Blog4 - MoST 2014: Mobile Security Technologies 2014 Math Science 

MoST 2014: Mobile Security Technologies 2014

Today, we look back on our 2014 MoST Conference. This was held on May 17th, 2014 at The Fairmont Hotel in California. Let us explore the wisdom we managed to collect that day. Like the MoST conference the year before, our goal remains the same. We always aim to gather policy makers, hardware and software developers and provide a space to positively explore the advancements that mobile security has achieved in the past year.

Unlike previous years, the program did not start with the keynote speaker. Instead, the session focusing on Contextual Authentication and Privacy came first. In this session, there was quite an interesting paper submitted by students from the University of Massachusetts Amherst. It was entitled “Location Privacy without Carrier Cooperation”. It discussed how there was a need to preserve a phone user’s privacy from cellular network providers.

It was interesting in the sense that it brought emphasis to the fact that network providers could track the location of cell users as they make use of their devices. It relied on the signals being transmitted from the phone towards different towers and back. Most mobile device users were not fully aware of the dangers of this.

img3 - MoST 2014: Mobile Security Technologies 2014

The session that followed was all about Protection. A presentation was given by University of Waterloo students entitled “Two Novel Defenses against Motion-Based Keystroke Inference Attacks”. Their paper discussed how while certain sensors in phones gather information to provide their users with better functionality, it also carried a risk of potentially leaking the user’s private information. Malicious apps that can be installed by an unsuspecting user can specifically target the accelerometer and gyroscope data of mobile devices. The students discussed methods in which to defend against keystroke attacks using IPS or network/bandwidth analysis tools.

These are the sort of discussions that we welcome wholeheartedly. Their experiments could unlock better ways to providing users with a boost in their mobile security.

At this point in time, smartphone users were consistently being targeted. The greatest commodity that attackers want is end user identity. Identity theft is an ever growing concern and people should fully be aware about it.

2014’s keynote speaker was Dawn Song. Her research primarily lies in security and privacy issues in computer systems and networks. At this point in time, she was an Associate Professor of Computer Science at UC Berkeley. She gave a talk entitled “Ask us before you download: Lessons from Analyzing 3 Million Android Apps”. She brought up the fact that there are apps out there that may look and seem innocuous but do in fact, have malware buried deep in their coding. The more common applications to have these are games apps and fake social media apps. Mimic apps have also seen a rise in 2014.

This is an issue that we still see today. Researchers continue to find more and more malware-infested applications in Google Play. It is refreshing to realize that issues such as these were already being discussed in 2014. Hindsight is truly a good way to appreciate discourse achievement

Read More
Blog2 - MoST 2013: Mobile Security Technologies 2013 Math Science 

MoST 2013: Mobile Security Technologies 2013

Continuing our trend of appreciating what we have achieved, this month we discuss MoST 2013. Join us as we provide clear hindsight to one of the events that raised awareness for mobile security. A year in our time pretty much equals ten years in the field of mobile security. It was the year 2013 that the world what introduced to the concepts of Augmented Reality (AR), “Checking In”, and many others.

We brought together some of the best researchers and practitioners to further explore new advances in privacy and security for mobile devices, systems, and other applications. For 2013, our keyword speaker was David Molnar, a researcher at Microsoft Research. Molnar holds a PhD from the University of California.

His discussion was entitled: “Security and Privacy Challenges in Mobile Augmented Reality”. For those unfamiliar with the concept, AR is the tech that superimposes a computer generated image (CGI) upon the user’s view which creates an overlay view. This was popularized by the Nintendo 3DS when it had launched in 2011.

Molnar placed emphasis on privacy concerns for its many users. AR was primarily used in consoles like the Microsoft Kinect and certain mobile applications. Today, you would know this to be what is used for the popular mobile app Pokemon GO. Molnar also touched upon the positive security and privacy apps that are now enabled because of AR.

m2 - MoST 2013: Mobile Security Technologies 2013

Carrying on from last year’s program, there were different sessions that discussed different facets of mobile security. They touched specifically on location and permission, authentication, and privacy and attacks.

There were papers and studies presented by a number of students and professionals. One presentation entitled “Quantifying the Effects of Removing Permissions from Android Applications” was quite interesting. They developed a system for evaluating the supposed effects of removing individual permissions from applications. They found that not all permissions are created equal.

Another study of note was Salvador Mandujano from Intel Corporation. His discussion was entitled “Privacy in the Mobile Hardware Space: Threats and Design Considerations”. It was a survey of the common privacy threats that would be applicable to the hardware of mobile platforms. The study further clarified what mobile malware was and what it does. This placed much emphasis on the need to up the defense of mobile devices. It also presented that hardware and embedded firmware development must take into consideration the risks that are ever present in the sphere of mobile security.

It was a productive conference in the sense that people got a better understanding of the evolving threats that could pounce at any moment. The researchers and speakers placed a lot of emphasis on the fact that there seems to be an alarming disregard for the privacy of users with regard to app permissions and app functionality.

2013 brought light to an issue that really needed attention: the risks brought on by geo-tagging and app permissions. Mobile devices are here to stay so it would be in everyone’s best interest to find better ways to secure it.

Read More