News & Events

UK SPS Seminar 30th June 2021 - Information-Flow Analysis

Title: Information-Flow Analysis for Mobile and Wearable Device Security and Privacy
 
Held: Wed, 30 June, 15:00 – 16:00 (UK time) 
Speaker: Jorge Blasco (RHUL)
 

Relevant publications: RAID 2020 and USENIX Security 2019

Abstract: Information flow analysis techniques have been widely applied to the analysis of mobile applications. In this talk we will explore how they can be used to study the security and privacy properties in mobile-to-IoT and wearable device interactions. For this, we separate the interaction methods in two main categories: those enabled by the operating system in the form of proprietary APIs (Android Wear) and those that are done directly at a lower level using wireless protocols such as Bluetooth Low Energy. We show how we can instrument Google Play APIs to perform information flow analysis over Android Wear API calls. With this, we can identify what information is being exchanged between the mobile application and its wearable counterpart, being able to reason about possible privacy leakages. When looking at lower level interactions, we analyse how Android implements its Bluetooth Low Energy stack and identify an issue that would allow any application with Bluetooth permissions to access any BLE connected device without the users’ consent. We measure how many BLE-enabled apps are affected by this and provide mitigation recommendations to stakeholders in the BLE ecosystem.

Bio: Dr Jorge Blasco obtained his PhD from Universidad Carlos III de Madrid in 2012. He moved to the UK in 2014 (City, University of London) and joined Royal Holloway, University of London, in 2016. In 2018 he was named the MSc in Information Security Programme director. He is currently the head of the Systems and Software Security Lab (S3Lab). His research focuses on security and privacy issues of app-enabled ecosystems. This research program is underpinned by the development of new methods to identify and track sensitive information-flows on various platforms (Android, IoT, Extension-enabled apps, etc.).
 
Please feel free to forward to others who might be interested. 
 
UK-SPS is an inter-university seminar series on cyber security and privacy. Seminar details are also advertised on our websitecalendar and Twitter, and recordings will be available on our YouTube channel afterwards. 
 

Last modified: Tue, 27 Jul 2021 10:21:39 BST