short paper wifileaks underestimated privacy implications
play

Short Paper: WifiLeaks: Underestimated Privacy Implications of the - PowerPoint PPT Presentation

Dec 30, 2022 •272 likes •714 views

Introduction User Survey Application Analysis Potential Solution and Conclusion Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS WIFI STATE Android Permission Jagdish Prasad Achara, Mathieu Cunche, Vincent Roca, and

  1. Introduction User Survey Application Analysis Potential Solution and Conclusion Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS WIFI STATE Android Permission Jagdish Prasad Achara, Mathieu Cunche, Vincent Roca, and Aur´ elien Francillon WiSec’14, Oxford, UK July 25 th , 2014 1 / 17

  2. Introduction User Survey Application Analysis Potential Solution and Conclusion Android Permission System Application Location Internet etc. Accounts Contacts

  3. Introduction User Survey Application Analysis Potential Solution and Conclusion Android Permission System Application permissions Location Internet etc. Accounts Contacts

  4. Introduction User Survey Application Analysis Potential Solution and Conclusion Android Permission System Application permissions Location Internet 145 Permissions etc. Accounts Contacts

  5. Introduction User Survey Application Analysis Potential Solution and Conclusion Android Permission System Application permissions Location Internet 145 Permissions etc. Accounts Contacts Network -Internet -Access wifi Location -etc. -Fine location -Mock location -etc. etc. ( Nature-based classification )

  6. Introduction User Survey Application Analysis Potential Solution and Conclusion Android Permission System Application permissions Location Internet 145 Permissions etc. Accounts Contacts Network Dangerous -Internet -Fine location -Access wifi -Coarse location Location Normal -etc. -etc. -Fine location -Access wifi -Mock location -Access network -etc. -etc. etc. etc. ( Nature-based classification ) ( Protection level-based classification ) 2 / 17

  7. Introduction User Survey Application Analysis Potential Solution and Conclusion Effectiveness of Android Permission System • Poor understanding [Felt et. al. SOUPS’12] • Private Information retrieval without any permission [Zhou et. al. CCS’13] • Privatae Information: Geolocation, Identity etc. [Felt et. al. SOUPS’12] A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android permissions: User attention, comprehension, and behavior. SOUPS ’12, New York, NY, USA, 2012. ACM. [Zhou et. al. CCS’13] X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrstedt. Identity, location, disease and more: Inferring your secrets from android public resources. In ACM CCS 2013. 3 / 17

  8. Introduction User Survey Application Analysis Potential Solution and Conclusion Effectiveness of Android Permission System • Poor understanding [Felt et. al. SOUPS’12] • Private Information retrieval without any permission [Zhou et. al. CCS’13] • Privatae Information: Geolocation , Identity etc. [Felt et. al. SOUPS’12] A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android permissions: User attention, comprehension, and behavior. SOUPS ’12, New York, NY, USA, 2012. ACM. [Zhou et. al. CCS’13] X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrstedt. Identity, location, disease and more: Inferring your secrets from android public resources. In ACM CCS 2013. 3 / 17

  9. Introduction User Survey Application Analysis Potential Solution and Conclusion The case of ACCESS WIFI STATE permission (1) Permission description displayed to users • Required to access raw Wi-Fi data • Group [2]: ‘Network’ • Protection level [1]: ‘Normal’ Looks innocuous at first glance! [1] http://developer.android.com/reference/android/Manifest.permission_group.html [2] http://developer.android.com/guide/topics/manifest/permission-element.html 4 / 17

  10. Introduction User Survey Application Analysis Potential Solution and Conclusion The case of ACCESS WIFI STATE permission (2) In fact, it looks innocuous but it is not! It is known that: • Raw Wi-Fi data : A source of sensitive information 1 Surrounding Wi-Fi APs → Approximate user location 2 Wi-Fi MAC address → A unique device identifier 3 Configured Wi-Fi APs → Travel history and Social links [1] 4 Connected Wi-Fi APs and time → Points of interests [1] M. Cunche, M.-A. Kaafar, and R. Boreli. Linking wireless devices using information contained in wi-fi probe requests. Pervasive and Mobile Computing, 2013. 5 / 17

  11. Introduction User Survey Application Analysis Potential Solution and Conclusion The case of ACCESS WIFI STATE permission (2) In fact, it looks innocuous but it is not! It is known that: • Raw Wi-Fi data : A source of sensitive information 1 Surrounding Wi-Fi APs → Approximate user location 2 Wi-Fi MAC address → A unique device identifier 3 Configured Wi-Fi APs → Travel history and Social links [1] 4 Connected Wi-Fi APs and time → Points of interests [1] M. Cunche, M.-A. Kaafar, and R. Boreli. Linking wireless devices using information contained in wi-fi probe requests. Pervasive and Mobile Computing, 2013. 5 / 17

  12. Introduction User Survey Application Analysis Potential Solution and Conclusion The case of ACCESS WIFI STATE permission (2) In fact, it looks innocuous but it is not! It is known that: • Raw Wi-Fi data : A source of sensitive information 1 Surrounding Wi-Fi APs → Approximate user location 2 Wi-Fi MAC address → A unique device identifier 3 Configured Wi-Fi APs → Travel history and Social links [1] 4 Connected Wi-Fi APs and time → Points of interests [1] M. Cunche, M.-A. Kaafar, and R. Boreli. Linking wireless devices using information contained in wi-fi probe requests. Pervasive and Mobile Computing, 2013. 5 / 17

  13. Introduction User Survey Application Analysis Potential Solution and Conclusion The case of ACCESS WIFI STATE permission (2) In fact, it looks innocuous but it is not! It is known that: • Raw Wi-Fi data : A source of sensitive information 1 Surrounding Wi-Fi APs → Approximate user location 2 Wi-Fi MAC address → A unique device identifier 3 Configured Wi-Fi APs → Travel history and Social links [1] 4 Connected Wi-Fi APs and time → Points of interests [1] M. Cunche, M.-A. Kaafar, and R. Boreli. Linking wireless devices using information contained in wi-fi probe requests. Pervasive and Mobile Computing, 2013. 5 / 17

  14. Introduction User Survey Application Analysis Potential Solution and Conclusion The case of ACCESS WIFI STATE permission (2) In fact, it looks innocuous but it is not! It is known that: • Raw Wi-Fi data : A source of sensitive information 1 Surrounding Wi-Fi APs → Approximate user location 2 Wi-Fi MAC address → A unique device identifier 3 Configured Wi-Fi APs → Travel history and Social links [1] 4 Connected Wi-Fi APs and time → Points of interests [1] M. Cunche, M.-A. Kaafar, and R. Boreli. Linking wireless devices using information contained in wi-fi probe requests. Pervasive and Mobile Computing, 2013. 5 / 17

  15. Introduction User Survey Application Analysis Potential Solution and Conclusion Motivation/Goals As this permission seems exploitable, two questions raised: 1 Do users understand the implications of this permission? • i.e., what is the user perception of this permission? 2 Is this permission already being exploited by Apps? • i.e., what is the current situation on Google PlayStore? 6 / 17

  16. Introduction User Survey Application Analysis Potential Solution and Conclusion Motivation/Goals As this permission seems exploitable, two questions raised: 1 Do users understand the implications of this permission? • i.e., what is the user perception of this permission? 2 Is this permission already being exploited by Apps? • i.e., what is the current situation on Google PlayStore? 6 / 17

  17. Introduction User Survey Application Analysis Potential Solution and Conclusion Survey Description • A total of 156 users answered • Diffused through social media and mailing-lists • Composed of 12 questions divided into 3 parts: 1 Demographic info 2 User attitude towards privacy and his experience on Android 3 User perception of the ACCESS WIFI STATE permission 7 / 17

  18. Introduction User Survey Application Analysis Potential Solution and Conclusion A digest of Survey Results ACCESS_NETWORK_STATE 5.63 6.85 CHANGE_WIFI_STATE 5.81 ACCESS_WIFI_STATE ACCESS_FINE_LOCATION 7.86 READ_CONTACTS 9.16 0 2 4 6 8 10 1 Less risky than other permissions (like Geoloc )! 2 Privacy implications (geolocation, travel history) are not well understood • Less than half know about geolocalization! • Less than half know about device unique identifier! • Only 35% know about previously visited locations! 8 / 17

  19. Introduction User Survey Application Analysis Potential Solution and Conclusion A digest of Survey Results ACCESS_NETWORK_STATE 5.63 6.85 CHANGE_WIFI_STATE 5.81 ACCESS_WIFI_STATE ACCESS_FINE_LOCATION 7.86 READ_CONTACTS 9.16 0 2 4 6 8 10 1 Less risky than other permissions (like Geoloc )! 2 Privacy implications (geolocation, travel history) are not well understood • Less than half know about geolocalization! • Less than half know about device unique identifier! • Only 35% know about previously visited locations! 8 / 17

  20. Introduction User Survey Application Analysis Potential Solution and Conclusion Application Analysis: Overview First Step : Permission analysis through crawling [1]: • # of Apps: 2700 Apps (100 * 27 categories) • Results: 41% Apps request ACCESS WIFI STATE Second Step : 998 APKs requesting this permission are downloaded for: 1 Static analysis 2 Dynamic analysis (only 88 Apps are chosen based on static analysis results) [1] https://github.com/egirault/googleplay-api 9 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy Implications of Privacy Settings and Tagging in Facebook Stan Damen, Nicola Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook Stan Damen, Nicola Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook 1 Privacy Implications of Privacy Settings and Tagging in Facebook Stan Damen, Nicola Zannone Eindhoven University of Technology 10th VLDB Workshop on Secure Data Management

476 views • 19 slides
Direct-to-Consumer Neurotechnology: Privacy Implications Deven McGraw, JD, MPH, LLM Partner

Direct-to-Consumer Neurotechnology: Privacy Implications Deven McGraw, JD, MPH, LLM Partner

Direct-to-Consumer Neurotechnology: Privacy Implications Deven McGraw, JD, MPH, LLM Partner Manatt, Phelps & Phillips, LLP August 20, 2014 Why do we care about privacy? 1 Without privacy protections, people will engage in privacy-

577 views • 8 slides
3/2/16 MRO lab report: see Writing, example short paper ,

3/2/16 MRO lab report: see Writing, example short paper ,

3/2/16 MRO lab report: see Writing, example short paper , grading rubic on Blackboard site. March 2, 2016 Short scientific paper (brief communications) Synaptic

559 views • 6 slides
Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice

Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice

Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice Accepted at New Security Paradigms Workshop 2012 Paper review 2 Too Close for Comfort: A Study of the Effectiveness and Acceptability of

515 views • 18 slides
A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

4/18/18 A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017 Finding A Partner? Time at the end of class To seek out a classmate of similar interests To work together On the semester

393 views • 22 slides
E.T.L. The underestimated requisite to being data-driven E.T.L. The underestimated requisite to

E.T.L. The underestimated requisite to being data-driven E.T.L. The underestimated requisite to

E.T.L. The underestimated requisite to being data-driven E.T.L. The underestimated requisite to being data-driven Overview of our office 1 Background on open data 2 Our journey to ETL 3 Key takeaways 4 Office of Open Data & Digital

630 views • 31 slides
Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc Langheinrich Institut fr Pervasive Computing ETH Zrich Februar 11. 2006 ZiF-Workshop: Privacy and 1 Surveillance Technologies Privacy in Ubiquitous

573 views • 32 slides
Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on

Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on

Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on Privacy for Advanced Web APIs July 12/13, 2010, London Dr. Thomas Dbendorfer thomas.duebendorfer@google.com Tech Lead, Privacy Engineering Team

350 views • 13 slides
A Short Tutorial on Differential Privacy Borja Balle Amazon Research Cambridge The Alan Turing

A Short Tutorial on Differential Privacy Borja Balle Amazon Research Cambridge The Alan Turing

A Short Tutorial on Differential Privacy Borja Balle Amazon Research Cambridge The Alan Turing Institute January 26, 2018 Outline 1. We Need Mathematics to Study Privacy? Seriously? 2. Differential Privacy: Definition, Properties and Basic

868 views • 75 slides
Food Price Heterogeneity and Income Inequality in Malawi: Is Inequality Underestimated? Richard

Food Price Heterogeneity and Income Inequality in Malawi: Is Inequality Underestimated? Richard

Food Price Heterogeneity and Income Inequality in Malawi: Is Inequality Underestimated? Richard Mussa UN-WIDER Development Conference Helsinki, Finland 6 September 2014 Richard Mussa (University of Malawi) Is Inequality Underestimated?

1.58k views • 18 slides
Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau

Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau

Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau Security Research Group Computer Laboratory Outline Why Privacy Matters How Social Networks Change The Game The Current Mess

495 views • 46 slides
Staring at the Sun: Black-box Solar Analytics and their Privacy Implications David Irwin

Staring at the Sun: Black-box Solar Analytics and their Privacy Implications David Irwin

Staring at the Sun: Black-box Solar Analytics and their Privacy Implications David Irwin Electrical and Computer Engineering University of Massachusetts Amherst 1 Solar Energy is Rapidly Expanding Installed cost of solar continues to drop

1.02k views • 70 slides
Implications of GW observations for short GRBs Resmi Lekshmi Indian Institute of Space Science

Implications of GW observations for short GRBs Resmi Lekshmi Indian Institute of Space Science

Implications of GW observations for short GRBs Resmi Lekshmi Indian Institute of Space Science & Technology Trivandrum What are Gamma Ray Bursts? What are short GRBs? Open Questions : Central engine of sGRBs Progenitors of sGRBs GW

438 views • 33 slides
Conference on Seasonality, Seasonal Adjustment and their implications for Short-Term Analysis and

Conference on Seasonality, Seasonal Adjustment and their implications for Short-Term Analysis and

Conference on Seasonality, Seasonal Adjustment and their implications for Short-Term Analysis and Forecasting 10-12 May 2006 Benchmarking in X-12-ARIMA and at Statistics Canada Benoit Quenneville Susie Fortier Zhao-Guo Chen Edith

388 views • 35 slides
Jessica Laemle Presentation Paper Reflection Prior to researching and presenting privacy and

Jessica Laemle Presentation Paper Reflection Prior to researching and presenting privacy and

Jessica Laemle Presentation Paper Reflection Prior to researching and presenting privacy and security in our digital world, I didnt have much knowledge regarding these topics. I was aware that privacy and security are much debated issues in

484 views • 15 slides
WEBINAR - Data Privacy: New Regulation and Implications for Big Data Approaches 29 Nov, 12h CET

WEBINAR - Data Privacy: New Regulation and Implications for Big Data Approaches 29 Nov, 12h CET

WEBINAR - Data Privacy: New Regulation and Implications for Big Data Approaches 29 Nov, 12h CET 2 Re Research Exemptions in in t the G GDPR M. Mostert, LLM Julius Center, University Medical Center Utrecht Introduction Recital 157 GDPR:

493 views • 20 slides
Undo-Redo Principles, concepts Undo patterns Java implementation Undo 1 Undo* Benefits

Undo-Redo Principles, concepts Undo patterns Java implementation Undo 1 Undo* Benefits

Undo-Redo Principles, concepts Undo patterns Java implementation Undo 1 Undo* Benefits Undo lets you recover from errors - input errors (human) and interpretation errors (computer) - you can work quickly (without fear) Undo enables

541 views • 27 slides
Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco IOS stores passwords in clear text in network device configuration files for several features such as passwords for local and remote CLI sessions,

354 views • 13 slides
Routing Computer Center, CS, NCTU Dynamic Route Routing Protocol 2 Computer Center, CS,

Routing Computer Center, CS, NCTU Dynamic Route Routing Protocol 2 Computer Center, CS,

Routing Computer Center, CS, NCTU Dynamic Route Routing Protocol 2 Computer Center, CS, NCTU Why dynamic route ? (1) Static route is ok only when Network is small There is a single connection point to other network No

757 views • 41 slides
the evolution of collective intelligence adventures in information sharing wesyoung.me Monday,

the evolution of collective intelligence adventures in information sharing wesyoung.me Monday,

the evolution of collective intelligence adventures in information sharing wesyoung.me Monday, May 21, 12 zombie hunting, the survival guide What is the REN-ISAC? Who do we work with? Why should I care? Challenges the

506 views • 24 slides
Mainframes: The past will come back to haunt you By:

Mainframes: The past will come back to haunt you By:

Mainframes: The past will come back to haunt you By: Philip Soldier of Fortran Young Disclaimer Any views expressed in this talk are my own

1.21k views • 90 slides
Digital Object Memories for the Web of Things Dr.-Ing. Jens Haupert German Research Center for

Digital Object Memories for the Web of Things Dr.-Ing. Jens Haupert German Research Center for

Digital Object Memories for the Web of Things Dr.-Ing. Jens Haupert German Research Center for Artificial Intelligence (DFKI) Web of Things Workshop, June 25 th 2013 Sample Scenario Linking: Physical Object and Object Memory * Order *

880 views • 39 slides
Text Processing Information Retrieval Inf 141 / CS 121 Tokenization Break the input into

Text Processing Information Retrieval Inf 141 / CS 121 Tokenization Break the input into

Text Processing Information Retrieval Inf 141 / CS 121 Tokenization Break the input into words Character stream -> token stream Called a tokenizer / lexer / scanner Compiler front-end Lexer hooks up to parser

497 views • 18 slides
AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Bjrn Haase, Benot

AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Bjrn Haase, Benot

Products Solutions Services AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Bjrn Haase, Benot Labrique Endress + Hauser Conducta GmbH & Co. KG. Slide 1 07/22/2019 B. Haase, B. Labrique AuCPace: Efficient

1.21k views • 81 slides

More recommend