Gang Wang: Exploitable Human Factors & Their Implications for Online Security

Dartmouth Events

Friday, May 4, 2018
3:30pm-4:30pm
Kemeny 006
Intended Audience(s): Public
Categories: Lectures & Seminars

Abstract: Ranging from massive data breaches to ransomware campaigns, human factors are increasingly exploited by attackers to launch serious attacks. While users are taking the blame for a lack of security awareness, certain flawed system designs, which have made human factors more exploitable in the first place, are often overlooked.

In this talk, I will describe our recent work to measure and assess various system designs that are likely to weaken user-level security. Through large-scale empirical measurements, we have identified a number of critical issues in mobile platforms and communication systems that can be exploited to attack users. First, I will describe our efforts to characterize the security risks of Mobile Deep Links, which are widely used to interconnect and index content across the web and mobile apps. We have identified a major miscommunication between the app developers and mobile platform designers that puts users at risk. Second, I will introduce our recent measurement results on spear phishing and "impersonation". I will use real-world data to illustrate the miscommunications between the network-level defense and the end-users that dramatically weaken users' ability to protect themselves from targeted phishing. Finally, I will use these results to discuss our ongoing and future work to build more usable defenses.

Bio: Gang Wang is an Assistant Professor of Computer Science at Virginia Tech. He obtained his Ph.D. from UC Santa Barbara in 2016 and his BE from Tsinghua University in 2010. His research interests include Security and Privacy in Web and Mobile Systems, Cybercrime Measurements, and Human Factors in Security. His work has appeared in a diverse set of top venues such as USENIX Security, NDSS, IMC, WWW, SIGMETRICS, MobiSys, and CHI. He is a recipient of the Google Faculty Research Award (2017) and the SIGMETRICS Best Practical Paper Award (2013). His work has been covered by media outlets such as The New York Times, Boston Globe, CNN, MIT Technology Review, ACM TechNews, The Sun, and New Scientist.

For more information, contact:
Sandra Hall

Events are free and open to the public unless otherwise noted.