Kui Ren - University at Buffalo
Students: Spring 2025, unless noted otherwise, sessions will be virtual on Zoom.
Breaking Mobile Social Networks for Automated User Location Tracking
Apr 01, 2015
Download: MP4 Video Size: 109.5MBWatch on YouTube
Abstract
Location-based social networks (LBSNs) feature location-based friend discovery services attracting hundreds of millions of active users world-wide. While leading LBSN providers claim the well-protection of their users' location privacy, in this talk we show for the first time through real world attacks that these claims do not hold after summarizing the existing practices from the industry. In our identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. I will further talk about the development of an automated user location tracking system based on the proposed attack and its test on leading LBSNs including Wechat, Skout, and Momo. Real-world experiments on 30 volunteers and the defense approaches will also be discussed. These findings serve as a critical security reminder of the current LBSNs pertaining to a vast number of users.About the Speaker
Kui Ren is an associate professor of Computer Science and Engineering and the director of UbiSeC Lab at State University of New York at Buffalo. He received his PhD degree from Worcester Polytechnic Institute. Kui's current research interest spans Cloud & Outsourcing Security, Wireless & Wearable System Security, and Human-centered Computing. His research has been supported by NSF, DoE, AFRL, MSR, and Amazon. He is a recipient of NSF CAREER Award in 2011 and Sigma Xi/IIT Research Excellence Award in 2012. Kui received several Best Paper Awards including IEEE ICNP 2011. He currently serves as an associate editor for IEEE TMC, IEEE TIFS, IEEE IoT, IEEE TSG, etc. Kui is a senior member of IEEE, a member of ACM, a Distinguished Lecturer of IEEE, and a past board member of Internet Privacy Task Force, State of Illinois.