8 Matching Annotations
  1. Last 7 days
    1. by Erik Rye, Researcher, University of Maryland

      Wi-Fi Positioning Systems are used by modern mobile operating systems to geolocate themselves without the use of GPS. Both Google and Apple, for instance, run Wi-Fi Positioning Systems for Android and iOS devices to obtain their own location using nearby Wi-Fi access points as landmarks.

      In this work, we show that Apple's Wi-Fi Positioning System represents a global threat to the privacy of hundreds of millions of people. When iOS devices need to geolocate themselves using nearby Wi-Fi landmarks, they transmit a list of hardware identifiers to Apple and receive the geolocations of those access points in return. Unfortunately, this process can be replicated by an unprivileged adversary, who can recreate a copy of Apple's Wi-Fi geolocation database by requesting the locations of access points around the world with no prior knowledge.

      To make matters worse, we demonstrate that by repeatedly querying Apple's Wi-Fi Positioning System for the same identifiers, we can detect Wi-Fi router movement over time. In our data, we see evidence of home relocations, family vacations, and the aftermath of natural disasters like the 2023 Maui wildfires. More disturbingly, we also observe troop and refugee movements into and out of the Ukraine war and the impact of the war in Gaza.

      We conclude by detailing our efforts at responsible disclosure, and offer a number of suggestions for limiting Wi-Fi Positioning Systems' effects on user privacy in the future.

      Full Abstract and Presentation Materials

  2. Sep 2023
  3. Apr 2023
  4. Aug 2022
    1. let's start giving a bit of a recap of all these vulnerabilities that I talked about and be basically aligned to what we defined as intercept for example

      5 areas of vulnerabilities

      1. Intercept calls and texts
      2. Impersonate user identity
      3. Track users
      4. Conduct fraud
      5. DoS users or network

      For each of these types of attacks, vulnerabilities were found in RCS to exploit them.

    1. It was first unveiled during a multimillion dollar heist which led to a hard fork of Ethereum. Reentrancy occurs when external contract calls are allowed to make new calls to the calling contract before the initial execution is complete.

      Reenter attack - The DAO. Basically withdrawal calls before the end of initial execution.

    1. The more community members are free to gain governance power and influence the protocol, the easier it is for attackers to use that same mechanism to make malicious changes. 

      indistinguishability problem and permissionless voting

  5. Dec 2021
    1. Edge computing is an emerging new trend in cloud data storage that improves how we access and process data online. Businesses dealing with high-frequency transactions like banks, social media companies, and online gaming operators may benefit from edge computing.

      Edge Computing: What It Is and Why It Matters https://en.itpedia.nl/2021/12/29/edge-computing-what-it-is-and-why-it-matters/

  6. Feb 2021