RøB: Ransomware over Modern Web Browsers
Modern Energy Management Systems (EMS) are becoming increasingly complex in order to address the urgent issue of global energy consumption. These systems retrieve vital information from various Internet-connected devices in a smart grid to function effectively. However, due to the critical tasks they perform and the sensitive information they handle, such devices make a very attractive target for attackers. Numerous factors, including high interconnectivity and outdated firmware, result in such devices being susceptible to cyber attacks. Malicious actors can exploit the vulnerabilities present in the devices to perform detrimental tasks such as modifying critical firmware, sending bogus sensor data, or stealing sensitive information. To address this issue, we propose a novel framework that integrates PowerWatch, a solution that detects compromised devices in the smart grid, with Cyber-secure Power Router (CSPR), a modern energy management system that is connected to various smart-grid devices. In addition, we propose a distributed infrastructure scheme in which numerous CSPR devices are monitored using PowerWatch capabilities. The goal is to ascertain whether or not CSPR has operated maliciously, which PowerWatch achieves by utilizing a machine learning model that analyzes information from system or library call lists extracted from CSPR in order to detect malicious activity in the EMS. To test the efficacy of our framework, a number of unique attack scenarios were performed on a realistic testbed that comprises functional versions of CSPR and PowerWatch. Our performance evaluation investigates the effectiveness of this first-of-its-kind merger and provides insight into the feasibility of developing future cyber-secure EMS. The results of our experimental procedures yielded 100% accuracy for each of the attack scenarios. Finally, our implementation demonstrates that the integration of PowerWatch and CSPR is effective and yields minimal overhead to the EMS.
Project Sponsor: National Science Foundation
HDMI-Walk: Attacking HDMI devices through the High Definition Media Interface (HDMI)

Privacy-Aware Wearable-Assisted Continuous Authentication Framework
SaINT: Sensitive Information Tracking in IoT Applications

Proviz: Sensor Development Software for IoT Devices

6thSense: Securing Sensory Side-Channels in Cyber-Physical Systems and IoT Devices and Applications

Compromised Device Detection

Authors: Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, A. Selcuk Uluagac
Link: https://arxiv.org/pdf/1808.02741.pdf
Corresponding Author: Abbas Acar
In this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying particular types of IoT devices, their actions, states, and ongoing user activities in a cascading style by only passively observing the traffic from smart home devices and sensors. The attack works effectively on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices and sensors utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the real activities of the devices. We also demonstrate that the proposed solution provides better protection than existing solutions.
Aegis: A Context-aware Security Framework for Smart Home Systems
Adaptive Solutions for DeFi: Leveraging T2EMA’s Dynamic Oracle Protection
Decentralized Exchanges (DEXs) are vital to the crypto ecosystem, especially in Decentralized Finance (DeFi), offering autonomy, privacy, and yield opportunities. With nearly 1 million users and billions in trading volume, they remain vulnerable to price oracle manipulation, with 41 attacks reported by Chainalysis in 2022. This paper presents T2EMA, a protocol combining Trimmed Mean (TM) and Exponential Moving Average (EMA) for price calculation. T2EMA detects outliers that signal manipulation and adjusts its smoothing factor to counter attacks. It can be easily integrated into on-chain and off-chain oracles. By reducing price fluctuations, T2EMA improves the security and reliability of DEXs, addressing vulnerabilities with a more resilient price aggregation method.

Unveiling the Global Landscape of Android Security Updates
Android is the world’s leading mobile operating system, with over three billion active devices. Detecting vulnerabilities and ensuring timely patch deployment are critical to maintaining security. The Android Open Source Project (AOSP) has enhanced the transparency of security updates through Security Patch Levels. However, challenges related to update speed and availability persist. In 2022, Google reported that half of the zero-day vulnerabilities discovered in the wild were variations of vulnerabilities that had already been patched. Recent research mainly highlights delays in update distribution, often attributing them to fragmentation and focusing primarily on flagship devices or limited time-frames. Our approach takes a device-centric perspective to investigate Android update patterns, analyzing 567K security update records from 2014 to 2024, covering 904 distinct devices from six key Original Equipment Manufacturers (OEMs) across 98 countries. Our extensive analysis revealed notable differences in update release timing across OEMs, device types, and regions. Our study also examines documented vulnerabilities and weaknesses, while assessing OEM compliance with Android security guidelines. Our study shows that ∼89.7% of vulnerabilities on unpatched Android devices are exploitable without user interaction and with low attack complexity. We also identified delays linked to fragmentation and OEM-specific challenges, and provide actionable insights for improvement.