Haohuang Wen (Ohio State University), Phillip Porras (SRI International), Vinod Yegneswaran (SRI International), Zhiqiang Lin (Ohio State University)

The short message service (SMS) is a cornerstone of modern smartphone communication that enables inter-personal text messaging and other SMS-based services (e.g., two-factor authentication). However, it can also be readily exploited to compromise unsuspecting remote victims. For instance, novel exploits such as Simjacker and WIBAttack enable transmission of binary SMS messages that could surreptitiously execute dangerous commands on a victim device. The SMS channel may also be subverted to drive other nefarious activities (e.g., spamming, DoS, and tracking), thereby undermining end-user security and privacy. Unfortunately, neither contemporary smartphone operating systems nor existing defense techniques provide a comprehensive bulwark against the spectrum of evolving SMS-driven threats. To address this limitation, we develop a novel defense framework called RILDEFENDER, which to the best of our knowledge is the first inline prevention system integrated into the radio interface layer (RIL) of Android smartphones. We describe an implementation of RILDEFENDER on three smartphone models with five Android versions of the Android Open Source Project (AOSP), and show that it is able to protect users from six types of SMS attacks spanning four adversary models. We evaluate RILDEFENDER against 19 reproduced SMS attacks and 11 contemporary SMS malware samples and find that RILDEFENDER detects all and automatically prevents all but one of these threats without affecting normal cellular operations.

View More Papers

Augmented Reality’s Potential for Identifying and Mitigating Home Privacy...

Stefany Cruz (Northwestern University), Logan Danek (Northwestern University), Shinan Liu (University of Chicago), Christopher Kraemer (Georgia Institute of Technology), Zixin Wang (Zhejiang University), Nick Feamster (University of Chicago), Danny Yuxing Huang (New York University), Yaxing Yao (University of Maryland), Josiah Hester (Georgia Institute of Technology)

Read More

Breaking and Fixing Virtual Channels: Domino Attack and Donner

Lukas Aumayr (TU Wien), Pedro Moreno-Sanchez (IMDEA Software Institute), Aniket Kate (Purdue University / Supra), Matteo Maffei (Christian Doppler Laboratory Blockchain Technologies for the Internet of Things / TU Wien)

Read More

Towards Privacy-Preserving Platooning Services by means of Homomorphic Encryption

Nicolas Quero (Expleo France), Aymen Boudguiga (CEA LIST), Renaud Sirdey (CEA LIST), Nadir Karam (Expleo France)

Read More

A Case Study on Fuzzing Satellite Firmware

Tobias Scharnowski and Felix Buchmann (Ruhr-Universitat Bochum), Simon Woerner and Thorsten Holz (CISPA Helmholtz Center for Information Security) Presenter: Tobias Scharnowski

Read More