Good or Evil? Mobile Device Security Threats and Opportunities
Date: Monday, February 11, 2019
Time: 3:00 PM
Location: 235 Weir Hall
Speaker: Chen Wang
Abstract: The proliferation of the mobile devices (e.g., smartphones, smartwatches and fitness trackers) have brought great convenience to the users. The mobile users can enjoy the flexible access to the device using an embedded touch screen or microphone, conduct payments anytime and anywhere through the mobile device’s WiFi or cellular network interface and monitor their health status (e.g., walking steps) via motion sensors. While the various embedded sensors facilitate a wide range of useful applications to the users, an adversary may leverage them to derive the user’s sensitive private information. In this talk, I will introduce the security threats in the mobile devices caused by the various embedded sensors. Moreover, I will show how to utilize the mobile sensing technologies as opportunities to develop new mechanisms to enhance the mobile security and protect the user’s privacy.
As the main focus of the talk, I will demonstrate a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people are accessing key-based security systems (e.g., ATM machines). I will show that the motion sensors on a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enable an adversary to reproduce the hand movement trajectories of the user to recover the secret key entries. Moreover, we investigate to what extent the user’s PIN/pattern during the mobile payment could be revealed from a single wearable device under various practical passcode input scenarios when no restrictions are imposed on which hand/wrist to hold the smartphone or wear the wearable.Finally, I will share with you some exciting research directions I would like to pursue with the aim of participating in building the secure mobile systems that serve the users’ lives and protect their privacies.
Bio: Chen Wang is currently a Ph.D. candidate in Computer Engineering at Rutgers University and works in Wireless Information Network Laboratory (WINLAB) under the supervision of Prof. Yingying Chen. Chen Wang received his bachelor’s and master’s degrees from the University of Electronic Science and Technology of China (UESTC) in 2009 and 2012. His research interests include cyber security and privacy, smart healthcare, mobile sensing and computing, Internet of Things and machine learning. He is the recipient of three Best Paper Awards from the top security conferences, IEEE Conference on Communications and Network Security (IEEE CNS) 2018, IEEE CNS 2014 and ACM Conference on Information, Computer and Communications Security (ASIACCS) 2016. His recent research won the Best Poster Runner-up from ACM MobiCom 2018. From 2014 to 2018, his research studies have been widely reported by over 150 media outlets, including Rutgers News, Stevens News, IEEE Spectrum, NSF Science 360, CBS TV, BBC News, NBC, IEEE Engineering 360, Fortune, ABC News, MIT Technology Review, USA Today, Daily Mail, Science Daily, CTV News, etc.