Innovative and New Forms of Attacks

Cyberattacks are becoming ever more sophisticated, and one of the challenges in security is to anticipate innovative and new forms of attacks before they happen to close any possible vulnerability. Gaining a quick understanding of the methods behind attacks is the first step toward stopping them when they happen, and preparing for future attempts is critical to securing files and systems before they are put at risk.

XiaoFeng Wang and his team work in security issues in web applications, such as third-party API services, such as PayPal Checkout, Google ID, etc. research in these areas has received attention from the industry and media, inspired a line of follow-up research on those directions, and won us a Best Practical Paper Award from Oakland’11 and a Runner-up recognition of the PET Award. The team also does prominent work in mobile security, including the security implications of the Android’s fragmented ecosystem. Through analyzing popular mobile OSes like Android and iOS, they found that those systems are used in a way well beyond what their security mechanisms are designed for. 

Through projects such as PlaceRaider and Soundcomber, Apu Kapadia works in security vulnerabilities in cameras and smartphones. PlaceRaider, a novel visual malware, allows remote attackers to engage in remote reconnaissance and virtual theft. Soundcomber, a proof-of-concept “sensory malware” for smartphones that uses the microphone to steal private information from phone conversations. It uses targeted profiles to locally analyze portions of speech likely to contain information such as credit card numbers.

Steven Myers works in dispersed geolocation tracking.  When GPS and WiFi were becoming standard in smartphones, botnots could reposition themselves to track people who had succumb to a botnot infection as well as those who were clan of the infection.