Seminar: Good or Evil? Mobile Device Security Threats and Opportunities
Department of Electrical and Computer Engineering at Rutgers University
January 30, 2019
Patrick F. Taylor Hall, Room 1202
The proliferation of the mobile devices (e.g., smartphones, smartwatches and fitness
trackers) have brought great convenience to the users. The mobile users can enjoy
the flexible access to the device using an embedded touch screen or microphone, conduct
payments anytime and anywhere through the mobile device’s WiFi or cellular network
interface and monitor their health status (e.g., walking steps) via motion sensors.
While the various embedded sensors facilitate a wide range of useful applications
to the users, an adversary may leverage them to derive the user’s sensitive private
information. In this talk, I will introduce the security threats in the mobile devices
caused by the various embedded sensors. Moreover, I will show how to utilize the mobile
sensing technologies as opportunities to develop new mechanisms to enhance the mobile
security and protect the user’s privacy.
As the main focus of the talk, I will demonstrate a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people are accessing key-based security systems (e.g., ATM machines). I will show that the motion sensors on a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enable an adversary to reproduce the hand movement trajectories of the user to recover the secret key entries. Moreover, we investigate to what extent the user’s PIN/pattern during the mobile payment could be revealed from a single wearable device under various practical passcode input scenarios when no restrictions are imposed on which hand/wrist to hold the smartphone or wear the wearable.
Finally, I will share with you some exciting research directions I would like to pursue with the aim of participating in building the secure mobile systems that augment the users’ lives and protect their privacies.
Chen Wang is currently a Ph.D. candidate in Computer Engineering at Rutgers University and works in Wireless Information Network Laboratory (WINLAB) under the supervision of Prof. Yingying Chen. Chen Wang received his bachelor’s and master’s degrees from the University of Electronic Science and Technology of China (UESTC) in 2009 and 2012. His research interests include cyber security and privacy, smart healthcare, mobile sensing and computing, Internet of Things and machine learning. He is the recipient of three Best Paper Awards from the top security conferences, IEEE Conference on Communications and Network Security (IEEE CNS) 2018, IEEE CNS 2014 and ACM Conference on Information, Computer and Communications Security (ASIACCS) 2016. His recent research won the Best Poster Runner-up from ACM MobiCom 2018. From 2014 to 2018, his research studies have been widely reported by over 150 media outlets, including Rutgers News, Stevens News, IEEE Spectrum, NSF Science 360, CBS TV, BBC News, NBC, IEEE Engineering 360, Fortune, ABC News, MIT Technology Review, USA Today, Daily Mail, Science Daily, CTV News, etc.