Information Trust Institute (ITI) Calendar

Back to Listing

TSS Seminar: Apu Kapadia: "(Ab)using Smartphone Sensors: Attacking and Reining in Privacy"

Event Type
Information Trust Institute
2405 Siebel Center
Mar 14, 2012   4:00 pm  
Apu Kapadia, School of Informatics and Computing, Indiana University
Originating Calendar
Information Trust Institute



Smartphone sensors can be put to both nefarious and virtuous use. In this talk, I will present our work on 'Soundcomber' and 'Exposure,' which seeks to explore this space.

Soundcomber, an instance of 'sensory malware' for smartphones, uses the microphone to steal private information from phone conversations. Soundcomber is lightweight and stealthy and evades known defenses by transferring small amounts of private data to the malware server utilizing smartphone-specific covert channels.

The Exposure project seeks to empower users to control the extent to which their sensed information (e.g., location) is shared. We argue that static policies (e.g., predefined 'privacy settings') are inadequate for controlling one's exposure. Instead we envision an 'exposure control loop,' where users are given feedback on accesses made, and can make temporary or permanent policy changes to continually refine how their information is shared. I will report on our progress to achieve this overall vision.



Apu Kapadia is an Assistant Professor of Computer Science and Informatics at the School of Informatics and Computing, Indiana University. He received his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign in October 2005. Following his doctorate, Prof. Kapadia joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies, and then as a Member of Technical Staff at MIT Lincoln Laboratory.

Prof. Kapadia is interested in topics related to systems' security and privacy. He is particularly interested in privacy-enhancing technologies, accountable anonymity, usable models and policy languages for privacy, security in peer-to-peer networks, and applied cryptography

link for robots only