05/05/2017 18:00 On the Privacy and Security of the Ultrasound Ecosystem


Την Παρασκευή 5 Μαΐου, στις 18:00 θα συζητήσουμε για τους υπερήχους, πως χρησιμοποιούνται για user-tracking και τις απειλές για την ασφάλεια και την ιδιωτικότητα των χρηστών.

Ultrasound tracking systems are gaining traction in the marketing industry because of the high accuracy they offer, and the low deployment cost they come with. For instance, ultrasound cross-device tracking (uXDT) products use the ultrasonic spectrum as a communication channel to “pair” devices and enable marketers to “follow” users across the different devices.

Unfortunately, despite the novelty of the technology, security experts and the authorities (e.g., the Federal Trade Commission) have raised concerns about its privacy implications. Our work is the first comprehensive privacy and security analysis of the ultrasound tracking ecosystem.

In this talk, we will describe and demonstrate the practical security and privacy risks that loom in the ultrasound ecosystem. First, we will showcase how an adversary can exploit an ultrasound tracking framework to launch attacks against users. Subsequently, we will formally analyze the security shortcomings of the ecosystem, and then based on our findings introduce countermeasures that aim to alleviate existing and future threats.

Vasilios Mavroudis is a doctoral researcher in the Information Security Group at University College London. He studies security and privacy aspects of digital ecosystems, with a focus on emerging technologies and previously unknown attack vectors.
His recent publication on ultrasound tracking received wide-spread attention and is considered the seminal work on the security of that ecosystem. Vasilios is currently working towards the standardization of ultrasound communications, and designs extensions of his previous attacks. Moreover, in cooperation with industrial partners, he has recently prototyped a high-assurance hardware architecture, that maintains its security properties even in the presence of malicious hardware components.
In the past, he has developed auditing tools for the Public Key Infrastructure of Deutsche Bank and participated in an international consortium studying large-scale security threats in telecommunication networks. Furthermore, he has cooperated with UC Santa Barbara in several projects, including a detection system for evasive web-malware.