Fig 3 - uploaded by Mark Stamp
Content may be subject to copyright.
Source publication
Near Field Communication (NFC) is an emerging proximity wireless technology used for triggering automatic interactions between mobile devices. In standard NFC usage, one message is sent per device contact, then the devices must be physically separated and brought together again. In this paper, we present a mechanism for automatically sending multip...
Context in source publication
Similar publications
The design of organisations is a complex and laborious task. It is the subject of recent studies, which define models to automatically perform this task. However, existing models constrain the space of possible solutions by requiring a priori definitions of organisational roles and usually are not suitable for planning resource use. This paper pres...
Citations
... Moreover, NFC faces with other potential security threats such as eavesdropping, data modification (i.e., alteration, insertion, or destruction), and relay attacks [7,22,23,39]. Several solutions are proposed to minimize these threats, such as cryptography, distance-bounding protocols, or even particular EMV protocol modifications [17,22,23]. ...
Credit and debit cards are becoming the primary payment method for purchases. These payments are normally performed in merchant’s in-store systems as known as Point-of-Sale (POS) systems. Since these systems handle payment card data while processing the customer transactions, they are becoming a primary target for cybercriminals. These data, when remain at memory, are scraped and exfiltrated by specially crafted malicious software named POS RAM scraping malware. In recent years, large data breaches occurred in well-known US retail companies were caused by this kind of malware. In this paper, we study the features of these malware based on their behavior on different stages: infection and persistence, process and data of interest search, and exfiltration. Then, we classify samples of 22 known POS RAM scraping malware families from 2009 to 2015 according to these features. Our findings show these malware are still immature and use well-defined behavioral patterns for data acquirement and exfiltration, which may make their malicious activity easily detectable by process and network monitoring tools.
... Exfiltration of private data is a threat on mobile devices. Published attacks designed to exfiltrate data from mobile devices have used communication channels such as NFC, Bluetooth, Wi-Fi, and FM radio receivers found in those devices [5,9]. Availability of these features on mobile devices also provide opportunities for using them as receivers for data exfiltration from other non-mobile devices, for example, via electromagnetic emanations [12]. ...
... Rooting of the target phone device is a critical step in our attack implementation. We could have used the rooting process as explained in [5], but we chose instead to build and download Android on the target device in debug mode, giving us automatic root access [7]. To use certain hidden APIs, the SDK needed to be extended with the class files of certain core classes in the framework and telephony modules. ...
Exfiltration of private data from mobile devices is a potential security threat. Previous research concerning such threats has generally focused on techniques that are only valid over short distances (e.g., NFC, Bluetooth, electromagnetic emanations) or fail to be entirely covert. In this research, we develop and analyze an exfiltration attack that has no distance limitation and is completely covert. Specifically, we take advantage of vulnerabilities in Android that enable us to covertly record and exfiltrate a voice call. This paper presents a successful implementation of our attack, which records a call (both uplink and downlink voice streams), and subsequently transmits the recorded voice over an inaudible call. No visual or audio indication is given to the victim during the record or replay phases of the attack. We provide a detailed exposition of our attack, and we briefly consider the challenge of providing strong counter measures to such attacks.
we present the implementation and impact of a wide-range of novel targeted Denial of Service (DoS) attacks on Android devices that are persistent across all recent Android platform versions. The DoS attacks can be selectively focused on denying access to device resources including microphone and camera, preventing the installation of applications, making the device unresponsive, targeting and terminating other running applications and processes, and causing a reboot cycle. To make matters worse, the attacks can be launched through regular apps that do not require a rooted device or any permissions with the exception of the attacks on the microphone and camera resources that require simple access rights. We propose and demonstrate defenses against each of these attacks showing that the security and reliability flaws identified require changes in the underlying Android source code to address them.
