- Privacy Leakage via Unrestricted Motion-Position Sensors in the Age of Virtual Reality: A Study of Snooping Typed Input on Virtual Keyboards
Yi Wu, Cong Shi, Tianfang Zhang, Payton Walker, Jian Liu, Nitesh Saxena and Yingying Chen
In IEEE Symposium on Security and Privacy (IEEE S&P; Oakland), May 2023.
Paper (conditionally) accepted to MobiSys 2023
Paper accepted to USENIX Security 2023
- Hidden Reality: Caution, Your Hand Gesture Inputs in the Immersive Virtual World are Visible to All!
Sindhu Reddy Kalathur Gopal, Diksha Shukla, James Wheelock, and Nitesh Saxena
In the 32nd USENIX Security Symposium, August 2023.
2 full papers accepted to WiSec 2023
- BarrierBypass: Out-of-Sight Clean Voice Command Injection Attacks through Physical Barriers
Payton Walker, Tianfang Zhang, Cong Shi, Nitesh Saxena and Yinying Chen
In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May/June 2023.
- SoK: An Analysis of End-to-End Encryption and Authentication Ceremonies in Secure Messaging Systems
Mashari Alatawi and Nitesh Saxena
In the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May 2023.
Cybersecurity Program Led By Dr. Saxena Ranks Best!
UAB’s MS program in Cybersecurity ranked #1 among best cybersecurity graduate programs by Fortune. This is the program Dr. Saxena architected and led for almost a decade before he joined A&M in 2021, jointly with his superb colleagues in Criminal Justice (the same program led to UAB’s $3M Scholarship for Service program, funded by NSF, which Dr. Saxena led as well). There are some reasonably good programs in the list, including Syracuse and Indiana Bloomington.
We all know rankings do not always work, but students value them, and so this one is for all current and former students of the program! Cheers!
EarSpy in Media
The EarSpy received extensive national and international media coverage. It’s a vulnerability that can be used to eavesdrop over phone calls and caller identities by listening through benign-looking, “zero-permission” hardware sensors such as accelerometers on the phones. Led by one of SPIES PhD students, Ahmed Tanvir Mahdad, in a collaboration with several universities. The paper is here: https://arxiv.org/abs/2212.12151, and some instances of major coverage appears below:
- This creepy Android flaw can detect your identity and even gender, MSN, December 28 2022
- EarSpy — A New Attack on Android Devices Use Motion Sensors to Steal Sensitive Data, Medium.com, January 7, 2023
- EarSpy can eavesdrop on your phone conversations using motion sensors, Android Police, January 1, 2023
- How hackers could use popular virtual reality headsets to steal sensitive informatioEarSpy : cette technique permet d’écouter vos appels grâce à l’accéléromètre, CNET France, January 3, 2023
- EarSpy Attack Can Use Motion Sensors Data to Pry on Android Devices, Hackread, December 29, 2022
- EarSpy attack eavesdrops on Android phones via motion, Bleepingcomputer, December 27, 2022
- EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer, Securityweek, December 28, 2022
- EarSpy Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer, Odaloop, 2 January 2023
- EarSpy can spy on your phone calls by using motion sensors, Android Headlines, 2 January 2023
- EarSpy can eavesdrop on your phone conversations using motion sensors, Reddit, 2 January 2023
- Android: Interception of calls through.. motion sensors!, iTechnews Greece, January 5, 2023
- Can the New EarSpy Hack Eavesdrop on Your Phone Conversations Through Vibrations?, Timesnow News India, January 3, 2023
- EarSpy, Android and how smartphones can be eavesdropped, Lifestyle.bg Bulgeria, January 3, 2023
- EarSpy’s research has proven that Androids can be eavesdropped by vibrations picked up by the accelerometer, MobileMania Czech Republic, December 29, 2022
- EarSpy – A New Attack on Android Devices Use Motion Sensors to Steal Sensitive Data, GBhackers on Security, December 30, 2030
- Security: how your smartphone’s call speaker can be used without your knowledge, Frandroid France, January 2, 2023
Dr. Saxena is a Co-PI on Thematic AI Lab
Dr. Saxena is a Co-PI on a new Thematic AI Lab, competitively-funded by the A&M Data Science Institute. The lab focuses on Design and Analytics for Urban AI with some emphasis on cybersecurity.
Paper accepted to ICISC 2022
- Exploring Encrypted Keyboards to Defeat Client-Side Scanning in End-to-End Encryption Systems
Mashari Alatawi, Nitesh Saxena.
International Conference on Information Security and Cryptology (ICISC), November/December 2022
Paper accepted to PMC 2022
- Chirp-Loc: Multi-Factor Authentication via Acoustically-Generated Location Signatures
Prakash Shrestha, Hien Truong, Pupu Toivonen, Nitesh Saxena, Sasu Tarkoma, Petteri Nurmi
In Pervasive and Mobile Computing (PMC) Journal, November 2022.
A New Grant from NSA
Dr. Saxena to co-lead a new project funded by NSA. We will be focusing on developing advanced AI techniques for malware detection.