Speaker: Ben Y. Zhao, University. of California, Santa Barbara
Title: Mimicry Attacks In Mobile App Communities
Host: Zhong Shao
Many of our most indispensable mobile apps today function by building communities of users who contribute content, such as restaurant reviews, traffic alerts, and news and information. However, these online communities can be disrupted and manipulated by coordinated groups of fake identities under the control of a single attacker. Our recent work identifies a general approach where attackers can eavesdrop on server-side APIs, and use them to build lightweight scripts that fully mimic operational mobile apps. This allows attackers to scale up attacks, to compromise and overwhelm popular mobile apps to spread misinformation, manipulate opinions, and even track our physical movements. I will present our experiences identifying these attacks, particularly in the context of the Waze navigational app, and our experiences working with Google to address some of these security holes. Finally, I will discuss one potential defense, along with ongoing work to develop general defenses against device mimicry attacks.
Ben Zhao is a Professor at the Computer Science department, U. C. Santa Barbara. He completed his PhD from Berkeley (2004) and his BS from Yale (BS 1997). He is an ACM distinguished scientist, and recipient of the NSF CAREER award, MIT Technology Review’s TR-35 Award (Young Innovators Under 35), ComputerWorld Magazine’s Top 40 Tech Innovators award, Google Faculty award, and IEEE ITC Early Career Award. His work has been covered by media outlets such as New York Times, Boston Globe, LA Times, MIT Tech Review, and Slashdot. He has published over 130 articles in areas of security and privacy, networked/distributed systems, wireless networks, data-mining and HCI.