Imperial College London

Dr Soteris Demetriou

Faculty of Engineering, Department of Computing

Lecturer
 
 
 

Contact

 

+44 (0)20 7594 8237, s.demetriou

 
 

Assistant

 

Ms Lucy Atthis +44 (0)20 7594 8259

 

Location

 

353, ACE Extension, South Kensington Campus



Citation

BibTeX format

@inproceedings{Zhou:2013:10.1145/2508859.2516661,
author = {Zhou, X and Demetriou, S and He, D and Naveed, M and Pan, X and Wang, XF and Gunter, CA and Nahrstedt, K},
doi = {10.1145/2508859.2516661},
pages = {1017--1028},
title = {Identity, location, disease and more: Inferring your secrets from android public resources},
url = {http://dx.doi.org/10.1145/2508859.2516661},
year = {2013}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - The design of Android is based on a set of unprotected shared resources, including those inherited from Linux (e.g., Linux public directories). However, the dramatic development in Android applications (app for short) makes available a large amount of public background information (e.g., social networks, public online services), which can potentially turn such originally harmless resource sharing into serious privacy breaches. In this paper, we report our work on this important yet understudied problem. We discovered three unexpected channels of information leaks on Android: per-app data-usage statistics, ARP information, and speaker status (on or off). By monitoring these channels, an app without any permission may acquire sensitive information such as smartphone user's identity, the disease condition she is interested in, her geo-locations and her driving route, from top-of-the-line Android apps. Furthermore, we show that using existing and new techniques, this zero-permission app can both determine when its target (a particular application) is running and send out collected data stealthily to a remote adversary. These findings call into question the soundness of the design assumptions on shared resources, and demand effective solutions. To this end, we present a mitigation mechanism for achieving a delicate balance between utility and privacy of such resources. © 2013 ACM.
AU - Zhou,X
AU - Demetriou,S
AU - He,D
AU - Naveed,M
AU - Pan,X
AU - Wang,XF
AU - Gunter,CA
AU - Nahrstedt,K
DO - 10.1145/2508859.2516661
EP - 1028
PY - 2013///
SN - 1543-7221
SP - 1017
TI - Identity, location, disease and more: Inferring your secrets from android public resources
UR - http://dx.doi.org/10.1145/2508859.2516661
ER -