exploiting social
play

Exploiting Social Navigation MEITAL BEN SINAI NIMROD PARTUSH SHIR - PowerPoint PPT Presentation

Feb 25, 2023 •23 likes •373 views

Exploiting Social Navigation MEITAL BEN SINAI NIMROD PARTUSH SHIR YADID ERAN YAHAV Technion, Israel Outline Intro Goals & Motivation Attacks (+Demos (^o^) ) Defense Summary & Conclusions Exploiting Social

  1. Exploiting Social Navigation MEITAL BEN SINAI NIMROD PARTUSH SHIR YADID ERAN YAHAV Technion, Israel

  2. Outline • Intro • Goals & Motivation • Attacks (+Demos \ (^o^) / ) • Defense • Summary & Conclusions Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 2

  3. Intro • Navigation (like most content) is becoming social • Waze has over 50 Million Users • The data is being crowdsourced • But the crowd is oblivious to consequences • What kind of attacks can be applied in this context? • Can the crowdsourcing process be exploited? • How to mitigate? Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 3

  4. How did this happen? - while driving out of congested Jerusalem with Waze on, on a Thursday afternoon. As a joke, called and told my adviser He took it too seriously.. Enter undergrads*! + = Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 4

  5. Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 5

  6. Research Goal • Successfully apply a Sybil Attack to a social navigation system • And explore what can be gained “ In a Sybil attack the attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous identities, using them to gain a disproportionately large influence ” Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 6

  7. Motivation Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 8

  8. Attacks Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 10

  9. Attack #1: Creating False Congestion & Affecting Routing • (Insert Demo Here) Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 11

  10. Navigation

  11. Successful Attack

  12. Navigation has Changed!

  13. Spoof Attack: Responses • "These students may be in an "excellence program" but obviously they, and more so the academic adviser, have lost their moral compass which is far more important for providing direction than Waze. Even if the project was done as a prank or as an academic exercise, the results are no different than physically going out and blocking a major roadway , something that presumably would not be tolerated by the legal system. And to then go and brag about it? Why are they not swiftly being investigated by the police.. " Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 19

  14. Spoof Attack: Disclosure • We notified Waze of the attack 2 months before publishing • We saw a change in the registration process roughly 6 months after publishing (+8 months) • 6 months later, the attack seemed to have been patched • At least in the small setting of our experiment Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 20

  15. Spoof Attack: Implications • National • Render the system useless • Waste time & fuel (& pollution) of users • Private Financial • Congest (free) roads near toll roads • Make people drive by my restaurant\sign • Create congestion near the competition • Criminal • Lead a target down an attacker controlled path • Personal • Clear roads to save time • Get people out (or in?) of your neighborhood Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 21

  16. Attack #2: Tracking Users • (Insert Demo Here) Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 22

  17. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 23

  18. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 24

  19. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 25

  20. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 26

  21. (: You're Never Fully Dressed Without A Smile Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 27

  22. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 28

  23. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 29

  24. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 30

  25. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 31

  26. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 32

  27. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 33

  28. Hectororrantia 52724 385646 one year ago Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 34

  29. Exploiting Social Navigation - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 35

  31. Privacy Attack: Implications • 2-way street • Track location from identity • Spy on people • Know if a target is near you • Infer identity from location • Infer persons of interest from location • Attack can be focused • R\W • Tracking is read, Spoofing is write Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 37

  32. Mitigating Attacks • Tracking attack: Waze allows you to opt out of the ‘ Live map ’ • But this is not the default option • Spoofing attack: Can be mitigated by using carrier information • Waze started doing this after the attack became pubic  • Read more in the white paper! Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 39

  33. Summary • A Sybil attack on Social navigation is possible • We demonstrated a spoofing & tracking attack • Attacks requires no RE-ing, uses the Waze mechanism against itself • Tracked thousands of users • Successfully created false congestion reports • Reproducible • Routing affected • Vast implications • Suggested mitigation • Adapted by Waze (??) Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 48

  34. Conclusions • Users should beware of blindly trusting social applications • Even in reliable applications such as Waze • Applications with millions of users can and should put more effort into security • Undergrads* can be useful Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 49

  35. Questions? Exploiting Social Navigation - Black Hat Asia 2015 - Meital Ben Sinai, Nimrod Partush, Shir Yadid, Eran Yahav 50

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Social Engineering Fundamentals Exploiting the Human Bugs Anthony C. Zboralski

Social Engineering Fundamentals Exploiting the Human Bugs Anthony C. Zboralski

Social Engineering Fundamentals Exploiting the Human Bugs Anthony C. Zboralski <z@bellua.com> Social Engineering ... the social engineer is able to take advantage of people to obtain information with or without the use of

653 views • 18 slides
Exploiting social networks for Internet search Alan Mislove Krishna Gummadi Peter

Exploiting social networks for Internet search Alan Mislove Krishna Gummadi Peter

Exploiting social networks for Internet search Alan Mislove Krishna Gummadi Peter Druschel Max Planck Institute for Software Systems Rice University HotNets 2006 Search in the Internet Web has transformed information

816 views • 43 slides
Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data Gerome Miklau University of Massachusetts, Amherst DIMACS Workshop on Recent Work on Di ff erential Privacy across Computer Science October 2012

1.39k views • 136 slides
n2Mate Exploiting social capital to create a standards-rich semantic network David Peterson

n2Mate Exploiting social capital to create a standards-rich semantic network David Peterson

Presented by Dr Renato Iannella n2Mate Exploiting social capital to create a standards-rich semantic network David Peterson BoaB interactive david@boabinteractive.com.au Anne Cregan National ICT Australia anne.cregan@nicta.com.au

416 views • 17 slides
Generating and Exploiting Large-scale Pseudo Training Data for Zero Pronoun Resolution Ting Liu

Generating and Exploiting Large-scale Pseudo Training Data for Zero Pronoun Resolution Ting Liu

Generating and Exploiting Large-scale Pseudo Training Data for Zero Pronoun Resolution Ting Liu , Yiming Cui , Qingyu Yin , Weinan Zhang , Shijin Wang and Guoping Hu Research Center for Social Computing and Information

479 views • 19 slides
C3 B: Exploiting the Num erous C3 B: Exploiting the Num erous Possibilities W eb Technology

C3 B: Exploiting the Num erous C3 B: Exploiting the Num erous Possibilities W eb Technology

C3 B: Exploiting the Num erous C3 B: Exploiting the Num erous Possibilities W eb Technology Offers to Elevate Questions Offers to Elevate Questions Arnaud Wijnant wijnant@uvt.nl Maurice Martens m.g.j.martens@uvt.nl IBUC 2010 Baltimore 11/

403 views • 12 slides
Exploiting carbon and nitrogen Exploiting carbon and nitrogen compounds for enhanced energy

Exploiting carbon and nitrogen Exploiting carbon and nitrogen compounds for enhanced energy

Exploiting carbon and nitrogen Exploiting carbon and nitrogen compounds for enhanced energy compounds for enhanced energy and resource recovery and resource recovery Bahareh Kokabian Veera Gnaneswar Gude Civil & Environmental Engineering

514 views • 37 slides
Exploiting Graph Embeddings for Graph Analysis Tasks Fatemeh Salehi Rizi Graph Embedding Day

Exploiting Graph Embeddings for Graph Analysis Tasks Fatemeh Salehi Rizi Graph Embedding Day

Exploiting Graph Embeddings for Graph Analysis Tasks Fatemeh Salehi Rizi Graph Embedding Day University of Lyon September 7, 2018 Outline Circle Prediction Social labels in an ego-network Semantic Content of Vector Embeddings Network

810 views • 46 slides
Exploiting Level- Exploiting Level -of of- -Detail Perception Detail Perception Multiple

Exploiting Level- Exploiting Level -of of- -Detail Perception Detail Perception Multiple

Special Course on Networked Virtual February 26, 2004 Environments Exploiting Level- Exploiting Level -of of- -Detail Perception Detail Perception Multiple Multiple- -Channel Architecture Channel Architecture Nearby viewers Nearby

165 views • 5 slides
Exploiting the Power of MIP Solvers in MAXSAT Jessica Davies 1 and Fahiem Bacchus 2 1 MIAT, INRA,

Exploiting the Power of MIP Solvers in MAXSAT Jessica Davies 1 and Fahiem Bacchus 2 1 MIAT, INRA,

Exploiting the Power of MIP Solvers in MAXSAT Jessica Davies 1 and Fahiem Bacchus 2 1 MIAT, INRA, Toulouse, France 2 Department of Computer Science, University of Toronto Outline 1. Background 2. The MaxHS Approach 3. Exploiting CPLEX 4.

630 views • 43 slides
Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of

Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of

Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of Information Security Date: June 22, 2010 Background More and more attacks are exploiting business logic using social engineering attacks. Low

425 views • 15 slides
Finding and Exploiting LTL Trajectory Constraints in Heuristic Search Salom e Simon Gabriele

Finding and Exploiting LTL Trajectory Constraints in Heuristic Search Salom e Simon Gabriele

Motivation LTL f in Classical Planning Finding Information Exploiting Information Experiments Conclusion Finding and Exploiting LTL Trajectory Constraints in Heuristic Search Salom e Simon Gabriele R oger University of Basel,

423 views • 28 slides
Exploiting More ILP ILP = __________________ _________________ ________________

Exploiting More ILP ILP = __________________ _________________ ________________

Exploiting More ILP ILP = __________________ _________________ ________________ (parallelism within a single program) How can we exploit more ILP? Slide Set #20: Advanced Pipelining, Multiprocessors, 1. ________________________

448 views • 5 slides
Exploiting Exploiting Back-End Back-End APIs APIs fo for Feasible easible Ontology-Based

Exploiting Exploiting Back-End Back-End APIs APIs fo for Feasible easible Ontology-Based

Simon Simon Schiff Schiff, zgr zgr L. L. zep zep Exploiting Exploiting Back-End Back-End APIs APIs fo for Feasible easible Ontology-Based Ontology-Based Stream Stream Access cess Fourth Stream Reasoning Workshop,

260 views • 22 slides
Hold Everything We Need RPA, or is it AI? EXPLOITING AI FOR PROCESS EXCELLENCE

Hold Everything We Need RPA, or is it AI? EXPLOITING AI FOR PROCESS EXCELLENCE

Hold Everything We Need RPA, or is it AI? EXPLOITING AI FOR PROCESS EXCELLENCE ajburgess.com thatspacecadetglow.com Robotic Process Automation The use of flexible software tools to automate manual activities for the delivery of

1.03k views • 73 slides
Exploiting Generational Garbage Collection Using Data Remnants to Improve Memory Analysis and

Exploiting Generational Garbage Collection Using Data Remnants to Improve Memory Analysis and

Exploiting Generational Garbage Collection Using Data Remnants to Improve Memory Analysis and Digital Forensics Adam Pridgen 1 1 Rice University, Houston, TX, USA January 18, 2017 Pridgen Exploiting Generational Garbage Collection 1 Outline

1.33k views • 77 slides
Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health Analytics Todays Agenda Welcome State of public health in Oregon and opportunities for incentive measures to aid in improvement HPQMC

806 views • 51 slides
Welcome to F 1 O 1 O D 2 S A F ETY BEST PRACTICES May , 0 1 6 P AR T 1: Fresh Produce

Welcome to F 1 O 1 O D 2 S A F ETY BEST PRACTICES May , 0 1 6 P AR T 1: Fresh Produce

5/11/2016 Welcome to F 1 O 1 O D 2 S A F ETY BEST PRACTICES May , 0 1 6 P AR T 1: Fresh Produce and Locally Grown Foods Catherine S trohbehn, P hD, RD, CP-FS Extension S pecialist/ Adj unct P rofessor We will begin shortly

522 views • 11 slides
Sustainable Downtown Development presentation to COMPASS Board Retreat May 17, 2010

Sustainable Downtown Development presentation to COMPASS Board Retreat May 17, 2010

Sustainable Downtown Development presentation to COMPASS Board Retreat May 17, 2010 Presentation Content Introduction and Background L. Ed Miller Develop a Common Vision - Gary Allen Focus and Prioritize - Gary Allen

477 views • 13 slides
Bituminous PWT (Percent Within Tolerance) Steven L. Koser, P.E. Pennsylvania Department of

Bituminous PWT (Percent Within Tolerance) Steven L. Koser, P.E. Pennsylvania Department of

Bituminous PWT (Percent Within Tolerance) Steven L. Koser, P.E. Pennsylvania Department of Transportation Adam M. Ostinowsky, E.I.T. Urban Engineers, Inc. www.dot.state.pa.us 1 Quality PWT is a continuation of the Departments goal of

590 views • 35 slides
ELBIT SYSTEMS Shir Hever Economist Part 1: Methodology The presentation about Elbit Systems

ELBIT SYSTEMS Shir Hever Economist Part 1: Methodology The presentation about Elbit Systems

ELBIT SYSTEMS Shir Hever Economist Part 1: Methodology The presentation about Elbit Systems will be divided into two parts. While I will focus on the background information on the company itself, Jamal Juma who will speak after me will

220 views • 6 slides
The Complete Italian Machzor For all the communities which follow the Italian Customs By Rabbi

The Complete Italian Machzor For all the communities which follow the Italian Customs By Rabbi

The Complete Italian Machzor For all the communities which follow the Italian Customs By Rabbi Dr. Menachem Emanuel Artom zl Renewed Publication 2005 JERUSALEM FINE ART PRINTS (studio 503) JERUSALEM FINE ART PRINTS (studio 503) Shalom

642 views • 13 slides
First Universalist Church Co-location Information and Listening Sessions April and May, 2019

First Universalist Church Co-location Information and Listening Sessions April and May, 2019

First Universalist Church Co-location Information and Listening Sessions April and May, 2019 Objectives for Today Describe vision and purpose for possible co-location with Shir Tikvah Provide more detailed information than previous

722 views • 27 slides
Labour Rights Law Office Sebastien Anderson, Barrister & Solicitor Labour Rights Law Office:

Labour Rights Law Office Sebastien Anderson, Barrister & Solicitor Labour Rights Law Office:

Labour Rights Law Office Sebastien Anderson, Barrister & Solicitor Labour Rights Law Office: Who are we? Our people A virtual law office S ebastien Anderson, BC & AB Toll-free access 24/ 7/ 365 Daniel Oleksiuk, BC

301 views • 29 slides

More recommend