报告题目:USB Charging Attacks on Smartphones: Design and Defence
报告时间:12月13日上午10:00
报告地点:国家网络安全学院805
报告人: Weizhi Meng博士
报告人单位: Technical University of Denmark
个人简介:Dr. Weizhi Meng is currently an assistant professor in the Cyber Security Section, Department of Applied Mathematics and Computer Science, Technical University of Denmark (DTU), Denmark. He obtained his Ph.D. degree in Computer Science from the City University of Hong Kong (CityU), Hong Kong. Prior to joining DTU, he worked as a research scientist in Infocomm Security (ICS) Department, Institute for Infocomm Research, A*Star, Singapore, and as a senior research associate in CS Department, CityU. He won the Outstanding Academic Performance Award during his doctoral study, and is a recipient of the Hong Kong Institution of Engineers (HKIE) Outstanding Paper Award for Young Engineers/Researchers in both 2014 and 2017. He is also a recipient of Best Paper Award from ISPEC 2018, and Best Student Paper Award from NSS 2016. His primary research interests are cyber security and intelligent technology in security, including intrusion detection, smartphone security, biometric authentication, HCI security, trust management, blockchain in security, and malware analysis. He served as program committee members for 20+ international conferences. He has been or will be a co-PC chair for IEEE Blockchain 2018, IEEE ATC 2019, IFIPTM 2019, Socialsec 2019. He also served as guest editor for FGCS, JISA, Sensors, CAEE, IJDSN, SCN, WCNC, etc.
报告摘要:Smartphones such as Android phones and iPhones are widely adopted worldwide and users’ privacy are challenged by various malware and attacks. In the literature, malware has received much attention, while the phone-charging threats are often ignored. However, current public charging facilities may open a hole for cyber-criminals to infer private and sensitive data from smartphone users. This talk begins by introducing several existing charging attacks via USB charging cable, as well as our developed Juice Filming Charging (JFC) attack that can steal users' private information through automatically video-capturing phone screen via a standard USB connector. The attack efficiency relies on the observations that users are not aware of any risk when charging their phones in public places and that most users would interact with their phone during the charging procedure. Then, this talk presents several potential solutions to defend against such attacks, and discusses the future directions.
邀请人:何德彪教授