MobileMiner and Nervousnet
-Two Approaches to Social Mining
Department of Digital Humanities
Giles Greenway
NervousNet from ETHZ:
•http://www.nervousnet.ethz.ch
•NervousNet hub mobile app polls
various physical sensors at a user-
defined rate.
•Data is pushed to one or more
remote “proxies”.
•Outputs of sensors combined into
“virtual sensors”.
•Small custom deployment at CCC
Congress.
What about the device's “inner-life”?
•Apps bleed into the physical world.
They hold data about us. What
are they doing behind our backs?
•“Pokemon Go is more than just a
game and it's bringing people
together.” -Forbes.
•“Blogger who filmed himself
playing Pokemon Go at a
Cathedral could face prison.”
-Moscow Times.
•Really? What about other
pervasive games like Ingress?
Our Data Ourselves: MobileMiner
•20 Young coders from “Young
Rewired State” were issued with
Android smartphones.
•Developed MobileMiner together,
an app that records the behaviour
of other apps.
•Return their data at hack-days.
•Discuss their attitudes to privacy
before and after confronting them
with their data.
What data do Android apps store?
•We don't know!
•Apps' internal SQLite databases are not available when the device is
mounted as mass-storage.
•Databases can be copied from rooted devices using the Android Debug
Bridge.
How frequently do apps request location?
•We don't know!
•The Android settings activity lists
recent location requests.
•Non-system apps cannot access
this API call.
•Apps can make passive location
requests, to find the last
requested location.
•Poll this repeatedly and see when it
changes?
•Make an “educated” guess as to
which app is responsible?
How frequently do apps send notifications?
• Moral: Stop Playing Clean!
• Register your app as an
“accessibility service”.
• The user must be prompted to
accept it.
• Normally, the service would do
text-to-speech, or use large print.
• Instead, log the time and the app
that sent the notification.
• Ignore the content!
Notifications as a proxy for social network usage.
[Figure: “Twitter Network Degree vs Notifications”. Series: Friends, Followers. Axes: Number of Notifications; friends/followers count.]
Twitter sends notifications based on people you follow.
The more notifications the more friends.
How frequently do apps “phone home”?
• Android has a TrafficStats API.
• Poll this reasonably frequently on
a per-app basis and record the
increase in Txed/Rxed bytes.
• getUidRxBytes: “Starting in N
this will only report traffic
statistics for the calling UID...” (N
is for ¯_( ツ )_/¯)
• Buggy. Protocol info deprecated.
• No idea what's being sent.
How frequently do apps “phone home”?
• Android is a Linux-based system.
• For some apps, we can read
the /proc/<pid>/net directory
and find open network sockets.
• This gives us the protocol and the
port.
• Need to poll aggressively, not great
for battery life.
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
12: 4F01A8C0:E1D0 B422C2AD:0050 01 00000000:00000000 02:000003A3 00000000 1000 0 154153 2 0000000000000000 23 4 28 10 -1
Don't Tap The White Tile
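An added example, not part of the original slides or of MobileMiner's code: a parser for the /proc/<pid>/net/tcp format shown above, plus a diff between two polls to spot sockets opened in between. It assumes IPv4 rows read on a little-endian device; the second snapshot row and the names `parse_proc_net_tcp` and `new_connections` are constructed for illustration.

```python
import ipaddress
import struct

# TCP state codes as printed in the "st" column (Linux include/net/tcp_states.h).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV",
    0x04: "FIN_WAIT1", 0x05: "FIN_WAIT2", 0x06: "TIME_WAIT",
    0x07: "CLOSE", 0x08: "CLOSE_WAIT", 0x09: "LAST_ACK",
    0x0A: "LISTEN", 0x0B: "CLOSING",
}

HEADER = ("sl local_address rem_address st tx_queue rx_queue tr tm->when "
          "retrnsmt uid timeout inode\n")

# First poll: the row shown on the slide.
SNAPSHOT_1 = HEADER + (
    "12: 4F01A8C0:E1D0 B422C2AD:0050 01 00000000:00000000 02:000003A3 "
    "00000000 1000 0 154153 2 0000000000000000 23 4 28 10 -1\n"
)

# Second poll: the slide row plus one constructed row (documentation address
# 203.0.113.10, port 443, hypothetical app uid 10083).
SNAPSHOT_2 = SNAPSHOT_1 + (
    "13: 4F01A8C0:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 "
    "00000000 10083 0 154200 1 0000000000000000 20 4 30 10 -1\n"
)


def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT' from /proc/net/tcp into (ip, port), IPv4 only."""
    addr_hex, port_hex = field.split(":")
    if len(addr_hex) != 8:
        raise ValueError("not an IPv4 endpoint: %r" % field)
    # The kernel prints the address as a native 32-bit integer, so on a
    # little-endian CPU the bytes appear reversed relative to dotted notation.
    packed = struct.pack("<I", int(addr_hex, 16))
    return str(ipaddress.IPv4Address(packed)), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Turn the text of /proc/<pid>/net/tcp into a list of socket records."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        # Skip the header and any truncated line.
        if len(cols) < 10 or not cols[0].rstrip(":").isdigit():
            continue
        state = int(cols[3], 16)
        rows.append({
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(state, "UNKNOWN(%02X)" % state),
            "uid": int(cols[7]),      # Android assigns one uid per installed app
            "inode": int(cols[9]),
        })
    return rows


def new_connections(previous, current):
    """Return the records in `current` whose (uid, local, remote) is new."""
    seen = {(r["uid"], r["local"], r["remote"]) for r in previous}
    return [r for r in current
            if (r["uid"], r["local"], r["remote"]) not in seen]


if __name__ == "__main__":
    first = parse_proc_net_tcp(SNAPSHOT_1)
    second = parse_proc_net_tcp(SNAPSHOT_2)
    for row in new_connections(first, second):
        print(row["uid"], row["state"], "%s:%d" % row["remote"])
```

The table lists every socket in the process's network namespace, so it is the uid column, not the pid in the path, that ties a row to an app. Android 10 and later block ordinary apps from reading /proc/net.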
Why do apps “phone home” so frequently?
• “The Line-Keep In” is a simple
scrolling maze game with very
frequent network access.
• It requests very extensive
permissions, including location.
• Decompiling it revealed 3
advertising and notification
services. (tencent.com, jpush.cn,
umneng.com)
• Some of these were already of
interest to security researchers.
The Droid Destruction Kit!
• Can we put Android reversal and traffic
capture tools into the hands of
beginners?
• Many tools require building from
source. Containerize a browser-based
VNC desktop with Docker.
• “Masterclass” on app reversal held by
Darren Martyn (http://insecurety.net/)
of Xiphos Research:
http://www.xiphosresearch.com
Distributing mobile social data.
• MobileMiner uploaded data to a slightly
customized CKAN instance. Containerized and
distributed to the YRS participants.
• Pentland proposes “Open Personal Data Stores”.
(http://openpds.media.mit.edu/)
• Iaconesi & Persico propose the “Ubiquitous
Commons” on Ethereum.
(http://www.artisopensource.net/)
• Pentland then proposes “Enigma”, peer-to-peer
data storage on Ethereum.
(http://enigma.media.mit.edu/)
• NervousNet proposes a peer-to-peer proxy.
“Informed Consent”
• Users upload position data with low
frequency. Do they understand the
consequences?
• Should such information be quantized
spatially as well as temporally?
• MobileMiner collected cell-tower data,
resolved spatially using
http://opencellid.org.
• Simple application of k-means is
sufficient to determine places of work or
study.
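An added example, not from the original slides or MobileMiner: plain k-means run over constructed low-frequency position fixes, first raw and then snapped to a coarse grid, to show what spatial quantization changes. The two sites, the jitter pattern and the 0.05 degree cell size are all assumptions made for this illustration.

```python
import math

# Constructed sites and fixes; none of this is MobileMiner data.
HOME = (51.4620, -0.1150)
WORK = (51.5115, -0.1160)
JITTER = [(-0.002, 0.001), (0.001, -0.002), (0.002, 0.002),
          (-0.001, -0.001), (0.0, 0.0)]


def make_fixes():
    """Sparse fixes: 15 near HOME, 10 near WORK and 2 recorded in transit."""
    fixes = [(HOME[0] + dy, HOME[1] + dx) for _ in range(3) for dy, dx in JITTER]
    fixes += [(WORK[0] + dy, WORK[1] + dx) for _ in range(2) for dy, dx in JITTER]
    fixes += [(51.4800, -0.1155), (51.4950, -0.1155)]
    return fixes


def dist2(a, b):
    """Squared distance in degree space, adequate for clustering a small area."""
    return (a[0] - b[0]) ** 2 + (a[1] - b[1]) ** 2


def metres(a, b):
    """Equirectangular ground distance between two (lat, lon) points."""
    dlat = math.radians(a[0] - b[0])
    dlon = math.radians(a[1] - b[1]) * math.cos(math.radians((a[0] + b[0]) / 2))
    return 6371000.0 * math.hypot(dlat, dlon)


def centroid(points):
    n = len(points)
    return (sum(p[0] for p in points) / n, sum(p[1] for p in points) / n)


def kmeans(points, k, max_iter=50):
    """Lloyd's algorithm with deterministic farthest-point seeding."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(
            max(points, key=lambda p: min(dist2(p, c) for c in centroids)))
    for _ in range(max_iter):
        clusters = [[] for _ in range(k)]
        for p in points:
            nearest = min(range(k), key=lambda i: dist2(p, centroids[i]))
            clusters[nearest].append(p)
        # An empty cluster keeps its old centroid instead of dividing by zero.
        updated = [centroid(c) if c else centroids[i]
                   for i, c in enumerate(clusters)]
        if updated == centroids:
            break
        centroids = updated
    return centroids


def quantize(point, cell_deg):
    """Snap a (lat, lon) point to the centre of its grid cell."""
    return tuple((math.floor(v / cell_deg) + 0.5) * cell_deg for v in point)


def recovery_error(fixes, sites, cell_deg=None):
    """Metres from each true site to the nearest k-means centroid."""
    if cell_deg is not None:
        fixes = [quantize(p, cell_deg) for p in fixes]
    centroids = kmeans(fixes, len(sites))
    return [min(metres(site, c) for c in centroids) for site in sites]


if __name__ == "__main__":
    fixes = make_fixes()
    print("raw fixes:     ", [round(e) for e in recovery_error(fixes, [HOME, WORK])])
    print("0.05 deg grid: ", [round(e) for e in recovery_error(fixes, [HOME, WORK], 0.05)])
```

On this constructed data the raw fixes place both sites to within a couple of hundred metres, while the gridded fixes only identify the cell, more than a kilometre from either site.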
NervousNet:
http://www.nervousnet.ethz.ch
Our fork:
https://github.com/kingsBSD/nervousnet-android-kbsd/
Follow us on Twitter: @KingsBSD
Read our blog:
http://big-social-data.net/
Slideshare:
http://www.slideshare.net/kingsBSD/
