A paper got accepted (IMC19)

Posted on 19th July 2019 by mori

Our paper on the IDN homograph attack detection submitted to the 19th ACM Internet Measurement Conference (IMC 2019) got accepted for publication. This is a joint work with JPRS and NTT Secure Platform Labs. Congratulations, Suzuki-kun!

H. Suzuki, D. Chiba, Y. Yoneya, T. Mori, and S. Goto, “ShamFinder: An Automated Framework for Detecting IDN Homographs,” Proceedings of the 19th ACM Internet Measurement Conference (IMC 2019), pp. xx-xx, October 2019 (acceptance rate = 19.3%=38/197) (to appear)

Preprint is available: https://arxiv.org/abs/1909.07539

Presented a talk at EuroUSEC2019

Posted on 21st June 2019 by mori

Mori-san presented a talk at the 4th IEEE European Workshop on Usable Security (EuroUSEC 2019), which is held in Stockholm, Sweden. This work is a joint work with NTT Secure Platform Laboratories.

K. Mori, T. Watanabe, Y. Zhou, A. Hasegawa, M. Akiyama, T. Mori, “Comparative Analysis of Three Language Spheres: Are Linguistic and Cultural Differences Reflected in Password Selection Habits?,” Proceedings of the 4th IEEE European Workshop on Usable Security (EuroUSEC 2019), pp. 159-171, June 2019 [PDF]

Tap ‘n Ghost has been covered by several news websites

Posted on 6th June 2019 by mori

Tap ‘n Ghost project has been covered by the following tech news websites. The original work was presented at IEEE S&P2019.

[1] 2019/6/1 New attack creates ghost taps on modern Android smartphones (ZDNet)
[2] 2019/6/3 Tap ‘n Ghost Attack Creatively Targets Android Devices (ThreatPost)
[3] 2019/6/4 Newly discovered Tap ‘n Ghost attack can be used to target Android devices (CYWARE)
[4] 2019/6/5 Tap ‘N Ghost Attack – To Target Touchscreen Devices (HackersOnlineClub)
[5] 2019/6/5 Newly Discovered Tap ’n Ghost Attack Let Hackers to Remotely Control Android Smartphone (GBHackers)
[6] 2019/6/5 Tap ‘n Ghost Attack discovered by Security Researchers at Waseda University, Tokyo (TechnoidHub)
[7] 2019/6/7 TAP ‘N GHOST: A NOVEL ATTACK AGAINST SMARTPHONE TOUCHSCREENS (HACKADAY)

A preview image displayed here was cited from [5]: https://gbhackers.com/tap-n-ghost-attack-remotely-smartphones/, which covered our research.

A preview image displayed here was cited from [2]: https://threatpost.com/tap-ghost-attack-android/145286/, which covered our research.

東京五輪公式サイトに類似したドメイン名の調査分析

Posted on 30th May 2019 by mori

https://www3.nhk.or.jp/news/html/20190530/k10011934931000.html

はじめに

東京五輪公式サイト(tokyo2020.org )に類似したドメイン名の調査分析に関して、NHKの取材に協力しました。取材に基づくニュースが2019/5/30のニュース7、および首都圏ニュースで放送されました。以下では放送内では紹介しきれなかった具体的な調査方法と得られた結果の一部をご紹介したいと思います（さしあたってIT系技術者向けに書いています）。このような調査分析の趣旨は、フィッシング攻撃に対する注意喚起が主目的です。東京オリンピックにちなんだビジネスや関連事業を営む方々が類似ドメイン名を正当な目的で使うことは十分に考えられ、決してそれらの営みに問題があるといった主張ではありません。どうぞご了承ください。

※以下に簡単な分析結果を示しますが、現在十分な時間がとれないため、徐々に更新していきます。

Continue reading →

Presented a talk at IEEE S&P 2019

Posted on 23rd May 2019 by mori

Maruyama-kun presented a talk at the 40th 40th IEEE Symposium on
Security and Privacy (S&P2019), which is held in San Francisco, CA USA. S&P is the tier-1 academic conference in the security and privacy discipline.

S. Maruyama, S. Wakabayashi, and T. Mori, “Tap ‘n Ghost: A Compilation of Novel Attack Techniques against Smartphone Touchscreens,” Proceedings of the 40th IEEE Symposium on Security and Privacy (S&P 2019), pp. 628-645, May 2019 (acceptance rate = 12.5%=84/673) [PDF][slide][YouTube]

A short talk video

A talk video