App repackaging refers to the practice of customizing an existing mobile app and redistributing it in the wild to fool the final user into installing the repackaged app instead of the original one. In this way, an attacker can embed malicious payload into a legitimate app for different aims, such as access to premium features, redirect revenue,...
-
2021 (v1)Publication
Uploaded on: April 14, 2023 -
2021 (v1)Publication
App repackaging refers to the practice of customizing an existing mobile app and redistributing it in the wild. In this way, the attacker aims to force some mobile users to install the repackaged (likely malicious) app instead of the original one. This phenomenon strongly affects Android, where apps are available on public stores, and the only...
Uploaded on: April 14, 2023 -
2024 (v1)Publication
No description
Uploaded on: October 21, 2024 -
2020 (v1)Publication
No description
Uploaded on: April 14, 2023 -
2023 (v1)Publication
The IoT paradigm revolves around a tight interaction between the IT side (i.e., the thing and the software therein) and the human counterpart. From a security standpoint, both these aspects should be taken into consideration when building up reliable and effective security solutions. We argue that traditional static approaches to securing IoT...
Uploaded on: October 11, 2023 -
2020 (v1)Publication
Smart speakers and voice-based virtual assistants are used to retrieve information, interact with other devices, and command a variety of Internet of Things (IoT) nodes. To this aim, smart speakers and voice-based assistants typically take advantage of cloud architectures: vocal commands of the user are sampled, sent through the Internet to be...
Uploaded on: April 14, 2023 -
2020 (v1)Publication
Smart speakers and voice-based virtual assistants are core building blocks of modern smart homes. For instance, they are used to retrieve information, interact with other devices, and command a variety of Internet of Things (IoT) nodes. To this aim, smart speakers and voice-based assistants typically take advantage of cloud architectures: vocal...
Uploaded on: April 14, 2023 -
2021 (v1)Publication
Smart speakers and voice-based virtual assistants are core components for the success of the IoT paradigm. Unfortunately, they are vulnerable to various privacy threats exploiting machine learning to analyze the generated encrypted traffic. To cope with that, deep adversarial learning approaches can be used to build black-box countermeasures...
Uploaded on: April 14, 2023 -
2021 (v1)Publication
Fuchsia is a new open-source operating system that aims to support a wide range of devices - from embedded systems to personal computers - and is currently under active development. The core architectural principles guiding the design and development of the OS include high system modularity and a specific focus on security and privacy. This...
Uploaded on: April 14, 2023 -
2020 (v1)Publication
The number of security incidents involving mobile devices has risen in the past years. This means that organizations must seriously consider such devices within their threat landscape and prepare their cybersecurity operators to prevent, identify, and manage security issues involving them. Nowadays, cyber ranges represent the most effective and...
Uploaded on: February 14, 2024 -
2020 (v1)Publication
Developers of mobile apps gather a lot of user's personal information at runtime by exploiting third-party analytics libraries, without keeping the owner (i.e., the user) of such information in the loop. We argue that this is somehow paradoxical. To overcome this limitation, in this paper, we discuss a methodology (i.e., MobHide), allowing the...
Uploaded on: February 14, 2024 -
2019 (v1)Publication
Smartwatches offer new capabilities to develop sophisticated applications that make daily life easier and more convenient for consumers and are becoming increasingly ubiquitous. The kinds of services these devices are capable of providing include applications for mobile payment, ticketing, identification, access control, etc. While this makes...
Uploaded on: April 14, 2023 -
2020 (v1)Publication
The Google Play Store currently includes up to 2.8M apps. Nonetheless, it is rather straightforward for a user to quickly retrieve the app that matches her tastes, as Google provides a reliable search engine. However, it is likewise almost impossible to select apps according to a security footprint (e.g., all apps that enforce SSL pinning). To...
Uploaded on: April 14, 2023 -
2019 (v1)Publication
The market for invoice financing has been steadily growing in the last few years and has been the third financing market in size in 2016. Most solutions in this field are based on private platforms and even the new proposals based on blockchain are mostly adopting a private, permissioned blockchain. In this paper, we propose an idea based on a...
Uploaded on: April 14, 2023 -
2019 (v1)Publication
Frame Confusion is a vulnerability affecting hybrid applications which allows circumventing the isolation granted by the Same-Origin Policy. The detection of such vulnerability is still carried out manually by application developers, but the process is error-prone and often underestimated. In this paper, we propose a sound and complete...
Uploaded on: April 14, 2023 -
2020 (v1)Publication
The access to privacy-sensitive information on Android is a growing concern in the mobile community. Albeit Google Play recently introduced some privacy guidelines, it is still an open problem to soundly verify whether apps actually comply with such rules. To this aim, in this paper, we discuss a novel methodology based on a fruitful...
Uploaded on: April 14, 2023 -
2020 (v1)Publication
Current computing paradigms like Mobile, Fog, and Cloud Computing are becoming far more interconnected, thereby moving from single, isolated paradigms to complex ecosystems built on a fruitful integration among several computing paradigms. From a security standpoint, this leads to a novel and unprecedented attack surface. To deal with such...
Uploaded on: April 14, 2023 -
2021 (v1)Publication
Fog computing is an emerging distributed computational paradigm that moves the computation towards the edge (i.e., where data are produced). Although Fog operating systems provide basic security mechanisms, security controls over the behaviour of applications running on Fog nodes are limited. For this reason, applications are prone to a variety...
Uploaded on: April 14, 2023 -
2019 (v1)Publication
Portable sequencing machines, such as the Oxford Nanopore MinION, are making the genome sequencing ubiquitous. Consequently, metagenomic studies are becoming increasingly popular, yielding important insights into microbial communities covering diverse environments from terrestrial to aquatic ecosystems. Furthermore, the adoption of low-power...
Uploaded on: April 14, 2023 -
2020 (v1)Publication
Obfuscapk is an open-source automatic obfuscation tool for Android apps that works in a black-box fashion (i.e., it does not need the app source code). Obfuscapk supports advanced obfuscation features and has a modular architecture that could be straightforwardly extended to support new obfuscation techniques. This paper introduces the...
Uploaded on: April 14, 2023 -
2020 (v1)Publication
Cellular networks are fundamental infrastructures nowadays, so that any communication problem could affect the user in different ways, from accessing social networks up to personal safety issues. In this work, we explore the feasibility of carrying out a DDoS attack to the Home Subscriber Server of the 4G network through non-3GPP access, i.e....
Uploaded on: April 14, 2023 -
2022 (v1)Publication
Mobile applications (hereafter, apps) collect a plethora of information regarding the user behavior and his device through third-party analytics libraries. However, the collection and usage of such data raised several privacy concerns, mainly because the end-user - i.e., the actual owner of the data - is out of the loop in this collection...
Uploaded on: April 14, 2023 -
2022 (v1)Publication
A recent study has found that malicious bots generated nearly a quarter of overall website traffic in 2019 [102]. These malicious bots perform activities such as price and content scraping, account creation and takeover, credit card fraud, denial of service, and so on. Thus, they represent a serious threat to all businesses in general, but are...
Uploaded on: March 27, 2023 -
2019 (v1)Publication
Smartwatches are becoming increasingly ubiquitous as they offer new capabilities to develop sophisticated applications that make daily life easier and more convenient for consumers. The services provided include applications for mobile payment, ticketing, identification, access control, etc. While this makes modern smartwatches very powerful...
Uploaded on: April 14, 2023 -
2021 (v1)Publication
A growing trend in repackaging attacks exploits the Android virtualization technique, in which malicious code can run together with the victim app in a virtual container. In such a scenario, the attacker can directly build a malicious container capable of hosting the victim app instead of tampering with it, thus neglecting any anti-repackaging...
Uploaded on: April 14, 2023