{"id":5279,"date":"2014-09-03T15:24:18","date_gmt":"2014-09-03T13:24:18","guid":{"rendered":"https:\/\/informatica.uniurb.it\/triennale\/?p=5279"},"modified":"2014-09-03T15:24:18","modified_gmt":"2014-09-03T13:24:18","slug":"smdsp-day-two","status":"publish","type":"post","link":"https:\/\/informatica.uniurb.it\/triennale-informatica\/smdsp-day-two\/","title":{"rendered":"SMDSP Day two"},"content":{"rendered":"
<\/p>\n As reported before<\/a>, we are now at day three of the\u00a0International Summer School on Smart & Mobile Device Security and Privacy<\/a>, after lots of lectures, a tiny bit of sightseeing, not much sleep and\u00a0\u2014 unfortunately\u00a0\u2014 some bad weather.<\/p>\n Dr. Ivan Martinovic<\/a> from the University of Oxford gave us an overview of his research on secure key exchange over wireless networks, which avoids the widely used Diffie-Hellman method<\/a> and instead exploits inherent characteristics of the wireless channel between the two parties trying to exchange a key (specifically: how the signal between the parties is shaped by the physical space between them, which acts as a unique signature). He also gave us an outline of his work on face and gaze detection.<\/p>\n Getting back to the Android platform, Prof. Sadeghi<\/a> continued his outline of the large attack surface that a mobile device (and its OS) represents. Attacks on Android can be performed at various levels, from the installed applications through the Android middleware down to the underlying Linux kernel. Applications can perform many malicious actions without particular effort, by exploiting the access permissions that users often unknowingly grant during installation. Otherwise, they can try to “collude” with other malicious or unsafe applications in order to perform actions without the user’s consent. Some apps can exploit bugs in system apps or in the middleware to get higher privileges (or even gain root access to the phone). It was interesting to see many such attacks\u00a0live<\/em> during a short lab session.<\/p>\n Lucas Davi<\/a>, from University Darmstadt, gave a basic overview of how return-oriented attacks are performed and how ASLR, DEP and similar techniques help prevent such attacks (and how they can be circumvented).<\/p>\n <\/p>\n