Can’t Touch This: Using Hover to Compromise the Confidentiality of User Input on Android

Abstract We show that the new hover (floating touch) technology, available in a number of today’s smartphone models, can be abused by any Android application running with a common SYSTEM_ALERT_WINDOW permission to record all touchscreen input into other applications. Leveraging this attack, a malicious application running on the system is therefore able to profile user’s

A new “look” at Continuous Authentication using Eye Tracking

Abstract Eye tracking devices are becoming increasingly popular as an interface between people and consumer-grade electronic devices. Due to the fact that human eye movements are fast, responsive, and carry information unique to an individual, analyzing a person’s gaze is particularly attractive for effortless biometric authentication. We demonstrate that the distinguishing power of eye movement biometrics can be used to

Exploring Website Location as a Security Indicator

Abstract Authenticating websites is an ongoing problem for users. Recent proposals have suggested strengthening current server authentication methods by incorporating website location as an additional authentication factor. In this work, we explore how location information affects users’ decision-making for security and privacy. We conducted a series of qualitative interviews to learn how users relate location

GovCERT.ch

Abstract – MELBL – (MELANI Botnet List): The MELANI botnet list contains botnet IPs/Domains which we extract from malware binaries/configs or which we get from other partners. Different ISPs block the listed C&Cs via BGP Feed or on their security gateways. – MalDB: The malware database is filled up by MELANI and we inform infected website owners respectively their

Lunch Seminar Talk, October 6: Verifying side-channel resistance of cryptographic implementations

Abstract Cache and differential power analysis attacks are major concerns for cryptographic implementations. Constant-time security and probing security are information flow policies used by practitioners to improve side-channel resistance of their code against cache attacks and DPA attacks respectively. I will present recent work [1,2,3] on rigorous approaches for proving that implementations verify constant-time and probing security. [1] J. C. Bacelar

More than the Sum of its Parts

Abstract Open Systems is an independent Swiss IT security provider based in Zurich, which has recently become a proud member organisation of ZISC. With its operation centres in Zurich and Sydney, Open Systems monitors and secures network infrastructure and business-critical applications for over 100 enterprises and NGOs in 180 countries. On roughly 4’000 devices, we