Presentation is loading. Please wait.

Presentation is loading. Please wait.

ReCon: Revealing and Controlling PII Leaks in Mobile Network Systems

Published byBruno Shields Modified over 6 years ago

Similar presentations

Presentation on theme: "ReCon: Revealing and Controlling PII Leaks in Mobile Network Systems"— Presentation transcript:

1 ReCon: Revealing and Controlling PII Leaks in Mobile Network Systems
In Proc. of ACM Mobisys 2016 David Choffnes, Northeastern University Jingjing Ren, Northeastern University Ashwin Rao, University of Helsinki Martina Lindorfer, Vienna Univ. of Technology Arnaud Legout, INRIA Sophia-Antipolis

2 What is a PII? Device identifier (IMEI, MAC address, etc.)
User identifier (name, gender, etc.) Contact information (address book, etc.) Location (GPS, zip code) Credential (username, password)

3 Where are stored all your PII?

4

5 How severe are PII leaks today?
Test manually the 100 most popular apps for each store

6

7 Our solution: ReCon A system using supervised ML to accurately identify and control PII leaks from network traffic with crowdsource reinforcement

8 Why using ML? Pattern matching such as “user=legout” leads to many FP and FN, because the context matters

9 Manuel test: top 100 apps from each official store
Automatic test: top 850 Android apps from a third party store

10 GET /index.html?id=12340;foo=bar;name=legout;
pass=jf3jNF#5h Feature extraction: bag of words

11 GET /index.html?id=12340;foo=bar;name=legout;
pass=jf3jNF#5h Feature extraction: bag of words Use thresholds to remove infrequent or too frequent words

12 Ground truth from the controlled experiments
C4.5 decision tree We evaluated many, but it is the best tradeoff between accuracy and speed Per-domain and per-OS classifier Faster and more accurate because the context depends on the domain and the OS

13

14

15

16 Does it work? Three experimental validations

17 10-fold cross validation
2.2% false positive 3.5% false negative

18 ReCon vs. static and dynamic analysis
ReCon finds missing leaks after retraining

19 ReCon in the wild 239 users in March 2016 (IRB approved)
137 iOS, 108 Android devices 14,101 PII found and 6,747 confirmed by users

20 ReCon in the wild The retraining phase is important
FP decreased by 92% FN increased by 0.5%

21 ReCon in the wild 21 apps exposing passwords in plaintext
Used by millions (Match, Epocrates) Responsibly disclosed 13 have fixed the problem

22 ReCon: Revealing and Controling PII Leaks in Mobile Network Systems
Sign up:

Download ppt "ReCon: Revealing and Controlling PII Leaks in Mobile Network Systems"

Similar presentations

Mobile Application Development Keshav Bahadoor. Part 1 Cross Platform Web Applications.

Mobile Application Development Keshav Bahadoor. Part 1 Cross Platform Web Applications.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
1 / 21 Network Characteristics of Video Streaming Traffic Ashwin Rao †, Yeon-sup Lim *, Chadi Barakat †, Arnaud Legout †, Don Towsley *, and Walid Dabbous.

1 / 21 Network Characteristics of Video Streaming Traffic Ashwin Rao †, Yeon-sup Lim *, Chadi Barakat †, Arnaud Legout †, Don Towsley *, and Walid Dabbous.
Medical University of South Carolina Office of the CIO – Information Services Endpoint Security Team Mobile Device Management March 8, 2012.

Medical University of South Carolina Office of the CIO – Information Services Endpoint Security Team Mobile Device Management March 8, 2012.
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.
Classification of Gene-Phenotype Co-Occurences in Biological Literature Using Maximum Entropy CIS 630 - Term Project Proposal November 1, 2002 Sharon Diskin.

Classification of Gene-Phenotype Co-Occurences in Biological Literature Using Maximum Entropy CIS Term Project Proposal November 1, 2002 Sharon Diskin.
IOS 8 for MDM/EMM Greg Elliott Shiv Chandra Kumar.

IOS 8 for MDM/EMM Greg Elliott Shiv Chandra Kumar.
© 2012 IBM Corporation IBM Israel Software Lab (ILSL( Daniel Yellin, Director March 2013.

© 2012 IBM Corporation IBM Israel Software Lab (ILSL( Daniel Yellin, Director March 2013.
EXTRACT: MINING SOCIAL FEATURES FROM WLAN TRACES: A GENDER-BASED CASE STUDY By Udayan Kumar Ahmed Helmy University of Florida Presented by Ahmed Alghamdi.

EXTRACT: MINING SOCIAL FEATURES FROM WLAN TRACES: A GENDER-BASED CASE STUDY By Udayan Kumar Ahmed Helmy University of Florida Presented by Ahmed Alghamdi.
DAS/BEST ITSecurity Division. RSA SecurID Software Tokens: Make strong authentication a convenient part of doing business. Deploy RSA software tokens.

DAS/BEST ITSecurity Division. RSA SecurID Software Tokens: Make strong authentication a convenient part of doing business. Deploy RSA software tokens.
Effective Real-time Android Application Auditing

Effective Real-time Android Application Auditing
Instructions for Administrators Choose the Enrollment slide decks that match your environment, either for SaaS or On Premise. Edit the red text to match.

Instructions for Administrators Choose the Enrollment slide decks that match your environment, either for SaaS or On Premise. Edit the red text to match.
TOUCHSIGNATURES Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao Newcastle University CryptoForma meeting, Belfast 4 May 2015.

TOUCHSIGNATURES Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao Newcastle University CryptoForma meeting, Belfast 4 May 2015.
Instructions for Administrators Choose the Enrollment slide decks that match your environment, either for SaaS or On Premise. Edit the red text to match.

Instructions for Administrators Choose the Enrollment slide decks that match your environment, either for SaaS or On Premise. Edit the red text to match.
Web Logic Vulnerability By Eric Jizba and Yan Chen With slides from Fangqi Sun and Giancarlo Pellegrino.

Web Logic Vulnerability By Eric Jizba and Yan Chen With slides from Fangqi Sun and Giancarlo Pellegrino.
By Gianluca Stringhini, Christopher Kruegel and Giovanni Vigna Presented By Awrad Mohammed Ali 1.

By Gianluca Stringhini, Christopher Kruegel and Giovanni Vigna Presented By Awrad Mohammed Ali 1.
Periscope How to broadcast your way to more Closings Brought to you By: YOUR INFO PHONE NUMBER NMLS#

Periscope How to broadcast your way to more Closings Brought to you By: YOUR INFO PHONE NUMBER NMLS#
Slides and projects at samsclass.info. Adding Trojans to Apps Slides and projects at samsclass.info.

Slides and projects at samsclass.info. Adding Trojans to Apps Slides and projects at samsclass.info.
Title of Presentation DD/MM/YYYY © 2015 Skycure 1 1 1 Why Are Hackers Winning the Mobile Malware Battle.

Title of Presentation DD/MM/YYYY © 2015 Skycure Why Are Hackers Winning the Mobile Malware Battle.

Similar presentations

Ads by Google