Breaking Mobile Social Networks for Automated User Location Tracking
Kui Ren - University at Buffalo
Apr 01, 2015
Abstract
Location-based social networks (LBSNs) feature location-based friend discovery services that attract hundreds of millions of active users worldwide. While leading LBSN providers claim that their users' location privacy is well protected, in this talk, after summarizing the existing practices from the industry, we show for the first time through real-world attacks that these claims do not hold. In our identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. I will further talk about the development of an automated user location tracking system based on the proposed attack and its test on leading LBSNs including WeChat, Skout, and Momo. Real-world experiments on 30 volunteers and the defense approaches will also be discussed. These findings serve as a critical security reminder about the current LBSNs, which serve a vast number of users.
About the Speaker
Kui Ren is an associate professor of Computer Science and Engineering and the director of UbiSeC Lab at State University of New York at Buffalo. He received his PhD degree from Worcester Polytechnic Institute. Kui's current research interest spans Cloud & Outsourcing Security, Wireless & Wearable System Security, and Human-centered Computing. His research has been supported by NSF, DoE, AFRL, MSR, and Amazon. He is a recipient of the NSF CAREER Award in 2011 and the Sigma Xi/IIT Research Excellence Award in 2012. Kui received several Best Paper Awards including IEEE ICNP 2011. He currently serves as an associate editor for IEEE TMC, IEEE TIFS, IEEE IoT, IEEE TSG, etc. Kui is a senior member of IEEE, a member of ACM, a Distinguished Lecturer of IEEE, and a past board member of Internet Privacy Task Force, State of Illinois.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter's organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.