Talk title: My Smartphone Knows Your Health Data: Exploiting Android-Based Deception Attacks Against Smartbands
Jiajia Liu (S’11-M’12-SM’15) received his B.S. and M.S. degrees, both in computer science, from Harbin Institute of Technology in 2004 and from Xidian University in 2009, respectively, and received his Ph.D. degree in information sciences from Tohoku University in 2012. He was a JSPS special research fellow at Tohoku University from Apr. 2012 to Oct. 2013, and a data analytics engineer at Aviation Industry Corporation of China from Jul. 2004 to Aug. 2006. He has been a Full Professor at the School of Cyber Engineering, Xidian University, since 2013, and has been the director of the Institute of Network Science and Technology at Xidian University since 2015, the director of the Internet of Things Security Research Center, Xidian University, since 2016, and the director of the Networked Intelligent Vehicle Security Research Laboratory, Xidian University - 360 Technology Inc., since 2017. He was selected into the prestigious “Huashan Scholars” program by Xidian University in 2015. He has published more than 70 peer-reviewed papers in many high-quality publications, including prestigious IEEE journals and conferences. He has received Best Paper Awards from many international conferences, including IEEE flagship events such as IEEE GLOBECOM in 2016 and IEEE WCNC in 2012 and 2014. He was the recipient of the prestigious 2012 Niwa Yasujiro Outstanding Paper Award for his exceptional contribution to the analytical modeling of two-hop ad hoc mobile networks, which has been regarded by the award committees as the theoretical foundation for analytical evaluation techniques of future ad hoc mobile networks. He was also a recipient of the Tohoku University President Award 2013, Graduate School of Information Sciences Dean Award 2013, Professor Genkuro Fujino Award 2012, Chinese Government Award for Outstanding Ph.D. Students Abroad 2011 and the RIEC Student Award 2012.
His research interests cover a wide range of areas including load balancing, wireless and mobile ad hoc networks, Fiber-Wireless networks, Internet of Things, cloud computing and storage, network security, LTE-A and 5G, SDN and NFV. He has been active in professional society activities, serving as an associate editor for IEEE Transactions on Computers (Oct. 2015-present) and IEEE Transactions on Vehicular Technology (Jan. 2016-present), an editor for IEEE Network (July 2015-present), and a guest editor of top-ranking international journals such as IEEE Transactions on Emerging Topics in Computing (TETC), IEEE Network Magazine, and IEEE Internet of Things (IoT) Journal, and serving on the technical program committees of numerous international conferences, for example as the leading symposium co-chair of the AHSN symposium for GLOBECOM 2017, the CRN symposium for ICC 2018, and the AHSN symposium for ICC 2019. He is a Distinguished Lecturer of the IEEE Communications Society.
Although a number of vulnerabilities have been reported for smart wearables and much effort has gone into strengthening their security, wearable devices still face significant threats of privacy leakage due to their inherent characteristics. To this end, in this talk we re-investigate the security concerns of smartbands. In particular, we first introduce our detailed methodology for security analysis, then apply it to popular commercial smartbands of three different brands, identify their common vulnerabilities, and accordingly develop a fake Android application (App) that utilizes the identified loopholes, given the protection measures of shelling, obfuscation, as well as forcible pairing and resetting. By installing the fake App, we are able to conduct deception attacks against the targeted smartbands, succeeding in remotely activating/deactivating the shaking function, adjusting/modifying the time (including value and format), and obtaining the smartband owner's sensitive/health data. During our deception attacks, no cooperation from the smartband owner is required, nor is the pairing process between the targeted smartbands and our fake App.