Haohuang Wen (Ohio State University), Phillip Porras (SRI International), Vinod Yegneswaran (SRI International), Zhiqiang Lin (Ohio State University)

The short message service (SMS) is a cornerstone of modern smartphone communication that enables inter-personal text messaging and other SMS-based services (e.g., two-factor authentication). However, it can also be readily exploited to compromise unsuspecting remote victims. For instance, novel exploits such as Simjacker and WIBAttack enable transmission of binary SMS messages that could surreptitiously execute dangerous commands on a victim device. The SMS channel may also be subverted to drive other nefarious activities (e.g., spamming, DoS, and tracking), thereby undermining end-user security and privacy. Unfortunately, neither contemporary smartphone operating systems nor existing defense techniques provide a comprehensive bulwark against the spectrum of evolving SMS-driven threats. To address this limitation, we develop a novel defense framework called RILDEFENDER, which to the best of our knowledge is the first inline prevention system integrated into the radio interface layer (RIL) of Android smartphones. We describe an implementation of RILDEFENDER on three smartphone models with five Android versions of the Android Open Source Project (AOSP), and show that it is able to protect users from six types of SMS attacks spanning four adversary models. We evaluate RILDEFENDER against 19 reproduced SMS attacks and 11 contemporary SMS malware samples and find that RILDEFENDER detects all and automatically prevents all but one of these threats without affecting normal cellular operations.

View More Papers

Semi-Automated Synthesis of Driving Rules

Diego Ortiz, Leilani Gilpin, Alvaro A. Cardenas (University of California, Santa Cruz)

Read More

Fusion: Efficient and Secure Inference Resilient to Malicious Servers

Caiqin Dong (Jinan University), Jian Weng (Jinan University), Jia-Nan Liu (Jinan University), Yue Zhang (Jinan University), Yao Tong (Guangzhou Fongwell Data Limited Company), Anjia Yang (Jinan University), Yudan Cheng (Jinan University), Shun Hu (Jinan University)

Read More

WIP: Augmenting Vehicle Safety With Passive BLE

Noah T. Curran (University of Michigan), Kang G. Shin (University of Michigan), William Hass (Lear Corporation), Lars Wolleschensky (Lear Corporation), Rekha Singoria (Lear Corporation), Isaac Snellgrove (Lear Corporation), Ran Tao (Lear Corporation)

Read More

Let Me Unwind That For You: Exceptions to Backward-Edge...

Victor Duta (Vrije Universiteit Amsterdam), Fabian Freyer (University of California San Diego), Fabio Pagani (University of California, Santa Barbara), Marius Muench (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Read More