Search Results

A Study of MAC Address Randomization in Mobile Devices and When it Fails

Abstract

Media Access Control (MAC) address randomization is a privacy technique whereby mobile devices rotate through random hardware addresses in order to prevent observers from singling out their traffic or physical location from other nearby devices. Adoption of this technology, however, has been sporadic and varied across device manufacturers. In this paper, we present the first wide-scale study of MAC address randomization in the wild, including a detailed breakdown of different randomization techniques by operating system, manufacturer, and model of device.

We then identify multiple flaws in these implementations which can be exploited to defeat randomization as performed by existing devices. First, we show that devices commonly make improper use of randomization by sending wireless frames with the true, global address when they should be using a randomized address. We move on to extend the passive identification techniques of Vanhoef et al. to effectively defeat randomization in ~96% of Android phones. Finally, we identify a previously unknown flaw in the way wireless chipsets handle low-level control frames which applies to 100% of devices we tested. This flaw permits an active attack that can be used under certain circumstances to track any existing wireless device.

Open access
Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices

Open access
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications

Open access