Karim receives Distinguished Paper Award at ACSAC
12-11-2019
Purdue Computer Science PhD student, Imtiaz Karim (advised by Professor Elisa Bertino) and colleagues received a Distinguished Paper Award at the Annual Computer Security Applications Conference (ACSAC). The conference brings together cutting-edge researchers, with a broad cross-section of security professionals drawn from academia, industry, and government. ACSAC is an internationally recognized forum where practitioners, researchers, and developers meet to learn and to exchange practical ideas and experiences in computer and network security.
The award paper is led by Purdue CS PhD student Imtiaz Karim and co-authored by Purdue CS PhD student Fabrizio Cicala, Purdue CS Postdoc Syed Hussain, Purdue CS Professor Elisa Bertino, and University of Iowa Assistant Professor Omar Chowdhury. Their paper, “Opening Pandora’s Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones," introduces a systematic approach for analyzing the correctness and robustness of the baseband-related AT command execution process to uncover practically-realizable vulnerabilities in Android Smartphones. Their paper focuses on checking the correctness and robustness of the AT command interface exposed by the cellular baseband processor through Bluetooth and USB. A device’s application processor uses this interface for issuing high-level commands (or, AT commands) to the baseband processor for performing cellular network operations (e.g., placing a phone call). Vulnerabilities in this interface can be leveraged by malicious Bluetooth peripherals to launch pernicious attacks including DoS and privacy attacks.
News of this work also appeared in TechCrunch
Writer: Emily Kinsell, 765-494-0669, emily@purdue.edu, @emilykinsell