Dongyao Chen (Shanghai Jiao Tong University), Mert D. Pesé (Clemson University), Kang G. Shin (University of Michigan, Ann Arbor)

ZOOX Best Paper Award Winner ($500 cash prize)!

Driving apps, such as navigation, fuel-price, and road services, have been deployed and used widely. The car-related nature of these services may motivate them to infer the type of their users’ vehicles. We first apply systematic analytics on real-world apps to show that the vehicle-type — seemingly unharmful — information may have serious privacy implications. Next, we demonstrate that attackers can harvest the features of these mobile apps to infer the car-type information in a stealthy way. Specifically, we explore the use of zero-permission mobile motion sensors to extract spectral features for differentiating the engines and body types of vehicles. Based on our experimental results of 17 different cars, we have achieved 82+% and 85+% overall accuracy in identifying three major engine types and four popular body types, respectively.

View More Papers

Evaluations of Cyberattacks on Cooperative Control of Connected and...

H M Sabbir Ahmad (Boston University), Ehsan Sabouni (Boston University), Wei Xiao (Massachusetts Institute of Technology), Christos G. Cassandras (Boston University), Wenchao Li (Boston University)

Read More

AVMON: Securing Autonomous Vehicles by Learning Control Invariants and...

Ahmed Abdo, Sakib Md Bin Malek, Xuanpeng Zhao, Nael Abu-Ghazaleh (University of California, Riverside)

Read More

CHKPLUG: Checking GDPR Compliance of WordPress Plugins via Cross-language...

Faysal Hossain Shezan (University of Virginia), Zihao Su (University of Virginia), Mingqing Kang (Johns Hopkins University), Nicholas Phair (University of Virginia), Patrick William Thomas (University of Virginia), Michelangelo van Dam (in2it), Yinzhi Cao (Johns Hopkins University), Yuan Tian (UCLA)

Read More

EdgeTDC: On the Security of Time Difference of Arrival...

Marc Roeschlin (ETH Zurich, Switzerland), Giovanni Camurati (ETH Zurich, Switzerland), Pascal Brunner (ETH Zurich, Switzerland), Mridula Singh (CISPA Helmholtz Center for Information Security), Srdjan Capkun (ETH Zurich, Switzerland)

Read More