SlideShare a Scribd company logo

MobileMiner and NervousNet

Download as ODP, PDF
K
kingsBSD

SoBigData at TPDL2016

Software
1 of 15
MobileMiner and Nervousnet -Two Approaches to Social Mining Department of Digital Humanities Giles Greenway
NervousNet from ETHZ: •http://www.nervousnet.ethz.ch •NervousNet hub mobile app polls various physical sensors at a user- defined rate. •Data is pushed to one or more remote “proxies”. •Outputs of sensors combined into “virtual sensors”. •Small custom deployment at CCC Congres.
What about the device's “inner-life”? •Apps bleed into the physical world. They hold data about us. What are they doing behind our backs? •”Pokemon Go is more than just a game and it's bringing people together.” -Forbes. •“Blogger who filmed himself playing Pokemon Go at a Cathedral could face prison.” -Moscow Times. •Really? What about other pervasive games like Ingress?
Our Data Ourselves: MobileMiner •20 Young coders from “Young Rewired State” were issued with Android smartphones. •Developed MobileMiner together, an app that records the behaviour of other apps. •Return their data at hack-days. •Discuss their attitudes to privacy before and after confronting them with their data.
What data do Android apps store? •We don't know! •Apps' internal SQLite databases are not available when the device is mounted as mass-storage. •Databases can be copied from rooted devices using the Android Debug Bridge.
How frequently do apps request location? •We don't know! •The Android settings activity lists recent location requests. •Non-system apps cannot access this API call. •Apps can make passive location requests, to find the last requested location. •Poll this repeatedly and see when it changes? •Make an “educated” guess as to which app is responsible?
How frequently do apps send notifications? • Moral: Stop Playing Clean! • Register your app as an “accessibility service”. • The user must be prompted to accept it. • Normally, the service would do text-to-speech, or use large print. • Instead, log the time and the app that sent the notification. • Ignore the content!
Notifications as a proxy for social network usage. 0 200 400 600 800 1000 1200 0 200 400 600 800 1000 1200 Twitter Network Degree vs Notifications Friends Followers Number of Notifications friends/followerscount Twitter sends notifications based on people you follow. The more notifications the more friends.
How frequently do apps “phone home”? • Android has a TrafficStats API. • Poll this reasonably frequently on a per-app basis and record the increase in Txed/Rxed bytes. • GetUidRxBytes: “Starting in N this will only report traffic statistics for the calling UID...” (N is for ¯_( ツ )_/¯) • Buggy. Protocol info depreciated. • No idea what's being sent.
How frequently do apps “phone home”? • Android is a Linux-based system. • For some apps, we can read the /proc/<pid>/net directory and find open network sockets. • This gives us the protocol and the port. • Need to poll agressively, not great for battery life. sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode 12: 4F01A8C0:E1D0 B422C2AD:0050 01 00000000:00000000 02:000003A3 00000000 1000 0 154153 2 0000000000000000 23 4 28 10 -1 Don't Tap The White Tile
Why do apps “phone home” so frequently? • “The Line-Keep In” is a simple scrolling maze game with very frequent network access. • It requests very extensive permissions, including location. • Decompiling it revealed 3 advertising and notifcation services. (tencent.com, jpush.cn, umneng.com) • Some of these were alreeady of interest to security researchers.
The Droid Destruction Kit! • Can we put Android reversal and traffic capture tools into the hands of beginners? • Many tools require building from source. Containerize a browser-based VNC desktop with Docker. • “Masterclass” on app reversal held by Darren Martyn (http://insecurety.net/) of Xiphos Research: http://www.xiphosresearch.com
Distributing mobile social data. • MobileMiner uploaded data to a slightly customized CKAN instance. -Containerzied and distributed to the YRS participants. • Pentland proposes “Open Personal Data Stores”. (http://openpds.media.mit.edu/) • Iaconesi & Persico propose the “Ubiquitous Commons” on Ethereum. (http://www.artisopensource.net/) • Pentland then proposes “Enigma”, peer-to-peer data storage on Ethereum. (http://enigma.media.mit.edu/) • NervousNet proposes a peer-to-peer proxy.
“Informed Consent” • Users upload position data with low frequency. Do they understand the consequences? • Should such information be quantized spatially as well as temporally? • MobileMiner collected cell-tower data, resolved spatially using http://opencellid.org. • Simple application of k-means is sufficient to determine places of work or study.
NervousNet: http://www.nervousnet.ethz.ch Our fork: https://github.com/kingsBSD/nervousnet-android-kbsd/ Follow us on Twitter: @KingsBSD Read our blog: http://big-social-data.net/ Slideshare: http://www.slideshare.net/kingsBSD/

Recommended

Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Giles Greenway
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threatAli J
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013n|u - The Open Security Community
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)Vince Verbeke
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity PredictionsLookout
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileSISA Information Security Pvt.Ltd
 
Taking Qualitative Research to the Cloud - Ericsson Consumerlab
Taking Qualitative Research to the Cloud - Ericsson ConsumerlabTaking Qualitative Research to the Cloud - Ericsson Consumerlab
Taking Qualitative Research to the Cloud - Ericsson ConsumerlabMerlien Institute
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCMicrosoft Asia
 

Recommended

Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Giles Greenway
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threatAli J
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013n|u - The Open Security Community
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)Vince Verbeke
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity PredictionsLookout
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileSISA Information Security Pvt.Ltd
 
Taking Qualitative Research to the Cloud - Ericsson Consumerlab
Taking Qualitative Research to the Cloud - Ericsson ConsumerlabTaking Qualitative Research to the Cloud - Ericsson Consumerlab
Taking Qualitative Research to the Cloud - Ericsson ConsumerlabMerlien Institute
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCMicrosoft Asia
 
Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesChristian Spolaore
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-naAndreas Hiller
 
Your Mobile Internet Device
Your Mobile Internet DeviceYour Mobile Internet Device
Your Mobile Internet DeviceChristian Nord
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2SHOLOVE INTERNATIONAL LLC
 
W3W WEEK#45
W3W WEEK#45W3W WEEK#45
W3W WEEK#45Patrick Herrmann
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Carlos Laorden
 
Abusing mobilegames
Abusing mobilegamesAbusing mobilegames
Abusing mobilegamesナム-Nam Nguyễn
 
Yuri van Geest - Mobile Update
Yuri van Geest - Mobile UpdateYuri van Geest - Mobile Update
Yuri van Geest - Mobile UpdateMobile Monday Amsterdam
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challengesYury Chemerkin
 
Outside the Office: Mobile Security
Outside the Office: Mobile SecurityOutside the Office: Mobile Security
Outside the Office: Mobile SecurityMcKonly & Asbury, LLP
 
Digital Hollywood 2013 US Hispanics and Mobile
Digital Hollywood 2013 US Hispanics and MobileDigital Hollywood 2013 US Hispanics and Mobile
Digital Hollywood 2013 US Hispanics and MobileAdriana Peña Johansson
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017chauhananand17
 
Vulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesVulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesCSCJournals
 
Rpt repeating-history
Rpt repeating-historyRpt repeating-history
Rpt repeating-historyAnatoliy Tkachev
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 
DX_Company Profile
DX_Company ProfileDX_Company Profile
DX_Company ProfileNarissa Ali
 
Exhibition assignment
Exhibition assignmentExhibition assignment
Exhibition assignmentCherrise Swait
 

More Related Content

What's hot

Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesChristian Spolaore
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-naAndreas Hiller
 
Your Mobile Internet Device
Your Mobile Internet DeviceYour Mobile Internet Device
Your Mobile Internet DeviceChristian Nord
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2SHOLOVE INTERNATIONAL LLC
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Carlos Laorden
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challengesYury Chemerkin
 
Digital Hollywood 2013 US Hispanics and Mobile
Digital Hollywood 2013 US Hispanics and MobileDigital Hollywood 2013 US Hispanics and Mobile
Digital Hollywood 2013 US Hispanics and MobileAdriana Peña Johansson
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017chauhananand17
 
Vulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesVulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesCSCJournals
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 

What's hot (20)

Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issues
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or not
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-na
 
Your Mobile Internet Device
Your Mobile Internet DeviceYour Mobile Internet Device
Your Mobile Internet Device
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
W3W WEEK#45
W3W WEEK#45W3W WEEK#45
W3W WEEK#45
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
 
Abusing mobilegames
Abusing mobilegamesAbusing mobilegames
Abusing mobilegames
 
Yuri van Geest - Mobile Update
Yuri van Geest - Mobile UpdateYuri van Geest - Mobile Update
Yuri van Geest - Mobile Update
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devices
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challenges
 
Outside the Office: Mobile Security
Outside the Office: Mobile SecurityOutside the Office: Mobile Security
Outside the Office: Mobile Security
 
Digital Hollywood 2013 US Hispanics and Mobile
Digital Hollywood 2013 US Hispanics and MobileDigital Hollywood 2013 US Hispanics and Mobile
Digital Hollywood 2013 US Hispanics and Mobile
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017
 
Vulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesVulnerabilities in Mobile Devices
Vulnerabilities in Mobile Devices
 
Rpt repeating-history
Rpt repeating-historyRpt repeating-history
Rpt repeating-history
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatible
 

Viewers also liked

DX_Company Profile
DX_Company ProfileDX_Company Profile
DX_Company ProfileNarissa Ali
 
The Ask Little ChickenShow #2
The Ask Little ChickenShow #2The Ask Little ChickenShow #2
The Ask Little ChickenShow #2EBR
 
デジタルシネマ・サバイバル・ハンドブック#05
デジタルシネマ・サバイバル・ハンドブック#05デジタルシネマ・サバイバル・ハンドブック#05
デジタルシネマ・サバイバル・ハンドブック#05Tsunoda Ryo
 
Women Entrepreneurship II
Women Entrepreneurship IIWomen Entrepreneurship II
Women Entrepreneurship IIVineeth Rajan
 
документ
документдокумент
документdou188
 
выпускной в детском саду
выпускной в детском садувыпускной в детском саду
выпускной в детском садуdou188
 
Sql a practical_introduction
Sql a practical_introductionSql a practical_introduction
Sql a practical_introductioninvestnow
 
Bahan ajar kemagnetan
Bahan ajar kemagnetanBahan ajar kemagnetan
Bahan ajar kemagnetanZaina Rita
 

Viewers also liked (12)

DX_Company Profile
DX_Company ProfileDX_Company Profile
DX_Company Profile
 
Exhibition assignment
Exhibition assignmentExhibition assignment
Exhibition assignment
 
The Ask Little ChickenShow #2
The Ask Little ChickenShow #2The Ask Little ChickenShow #2
The Ask Little ChickenShow #2
 
デジタルシネマ・サバイバル・ハンドブック#05
デジタルシネマ・サバイバル・ハンドブック#05デジタルシネマ・サバイバル・ハンドブック#05
デジタルシネマ・サバイバル・ハンドブック#05
 
Women Entrepreneurship II
Women Entrepreneurship IIWomen Entrepreneurship II
Women Entrepreneurship II
 
Mitocondria
MitocondriaMitocondria
Mitocondria
 
Harmonic Drive Gear and Wrist end mechanism in industrial robots
Harmonic Drive Gear and Wrist end mechanism in industrial robotsHarmonic Drive Gear and Wrist end mechanism in industrial robots
Harmonic Drive Gear and Wrist end mechanism in industrial robots
 
документ
документдокумент
документ
 
выпускной в детском саду
выпускной в детском садувыпускной в детском саду
выпускной в детском саду
 
Sql a practical_introduction
Sql a practical_introductionSql a practical_introduction
Sql a practical_introduction
 
Bahan ajar kemagnetan
Bahan ajar kemagnetanBahan ajar kemagnetan
Bahan ajar kemagnetan
 
Heat transfer
Heat transferHeat transfer
Heat transfer
 

Similar to MobileMiner and NervousNet

OWASP Ukraine Thomas George presentation
OWASP Ukraine Thomas George presentationOWASP Ukraine Thomas George presentation
OWASP Ukraine Thomas George presentationuisgslide
 
Our Data Ourselves, Pydata 2015
Our Data Ourselves, Pydata 2015Our Data Ourselves, Pydata 2015
Our Data Ourselves, Pydata 2015kingsBSD
 
Toward a Mobile Data Commons
Toward a Mobile Data CommonsToward a Mobile Data Commons
Toward a Mobile Data CommonskingsBSD
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013Petr Dvorak
 
Forensic And Cloud Computing
Forensic And Cloud ComputingForensic And Cloud Computing
Forensic And Cloud ComputingMitesh Katira
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsVince Verbeke
 
Fog computing
Fog computingFog computing
Fog computingAnkit_ap
 
Futuristic World with Sensors and Smart Devices [ Electronics Rocks'14
Futuristic World with Sensors and Smart Devices [ Electronics Rocks'14Futuristic World with Sensors and Smart Devices [ Electronics Rocks'14
Futuristic World with Sensors and Smart Devices [ Electronics Rocks'14Samarth Shah
 
Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Petr Dvorak
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maalHarsimran Walia
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
IoT Development - Opportunities and Challenges
IoT Development - Opportunities and ChallengesIoT Development - Opportunities and Challenges
IoT Development - Opportunities and ChallengesAsim Rais Siddiqui
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud preventionYury Leonychev
 
Big data trends_problems_v2
Big data trends_problems_v2Big data trends_problems_v2
Big data trends_problems_v2Satish Mehta
 
informationtech1-180930175759.pptx
informationtech1-180930175759.pptxinformationtech1-180930175759.pptx
informationtech1-180930175759.pptxjaspreetkaur908049
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing BotBellaj Badr
 

Similar to MobileMiner and NervousNet (20)

OWASP Ukraine Thomas George presentation
OWASP Ukraine Thomas George presentationOWASP Ukraine Thomas George presentation
OWASP Ukraine Thomas George presentation
 
How... Do you know?
How... Do you know?How... Do you know?
How... Do you know?
 
Our Data Ourselves, Pydata 2015
Our Data Ourselves, Pydata 2015Our Data Ourselves, Pydata 2015
Our Data Ourselves, Pydata 2015
 
Toward a Mobile Data Commons
Toward a Mobile Data CommonsToward a Mobile Data Commons
Toward a Mobile Data Commons
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013
 
IoT overview 2014
IoT overview 2014IoT overview 2014
IoT overview 2014
 
Forensic And Cloud Computing
Forensic And Cloud ComputingForensic And Cloud Computing
Forensic And Cloud Computing
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and Tablets
 
Fog computing
Fog computingFog computing
Fog computing
 
Futuristic World with Sensors and Smart Devices [ Electronics Rocks'14
Futuristic World with Sensors and Smart Devices [ Electronics Rocks'14Futuristic World with Sensors and Smart Devices [ Electronics Rocks'14
Futuristic World with Sensors and Smart Devices [ Electronics Rocks'14
 
Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.Czech Banks are Under Attack, Clients Lose Money.
Czech Banks are Under Attack, Clients Lose Money.
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maal
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maal
 
Mobile Apps Security
Mobile Apps SecurityMobile Apps Security
Mobile Apps Security
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
 
IoT Development - Opportunities and Challenges
IoT Development - Opportunities and ChallengesIoT Development - Opportunities and Challenges
IoT Development - Opportunities and Challenges
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud prevention
 
Big data trends_problems_v2
Big data trends_problems_v2Big data trends_problems_v2
Big data trends_problems_v2
 
informationtech1-180930175759.pptx
informationtech1-180930175759.pptxinformationtech1-180930175759.pptx
informationtech1-180930175759.pptx
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing Bot
 

Recently uploaded

Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 

Recently uploaded (20)

Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 

MobileMiner and NervousNet

  • 1. MobileMiner and Nervousnet -Two Approaches to Social Mining Department of Digital Humanities Giles Greenway
  • 2. NervousNet from ETHZ: •http://www.nervousnet.ethz.ch •NervousNet hub mobile app polls various physical sensors at a user- defined rate. •Data is pushed to one or more remote “proxies”. •Outputs of sensors combined into “virtual sensors”. •Small custom deployment at CCC Congres.
  • 3. What about the device's “inner-life”? •Apps bleed into the physical world. They hold data about us. What are they doing behind our backs? •”Pokemon Go is more than just a game and it's bringing people together.” -Forbes. •“Blogger who filmed himself playing Pokemon Go at a Cathedral could face prison.” -Moscow Times. •Really? What about other pervasive games like Ingress?
  • 4. Our Data Ourselves: MobileMiner •20 Young coders from “Young Rewired State” were issued with Android smartphones. •Developed MobileMiner together, an app that records the behaviour of other apps. •Return their data at hack-days. •Discuss their attitudes to privacy before and after confronting them with their data.
  • 5. What data do Android apps store? •We don't know! •Apps' internal SQLite databases are not available when the device is mounted as mass-storage. •Databases can be copied from rooted devices using the Android Debug Bridge.
  • 6. How frequently do apps request location? •We don't know! •The Android settings activity lists recent location requests. •Non-system apps cannot access this API call. •Apps can make passive location requests, to find the last requested location. •Poll this repeatedly and see when it changes? •Make an “educated” guess as to which app is responsible?
  • 7. How frequently do apps send notifications? • Moral: Stop Playing Clean! • Register your app as an “accessibility service”. • The user must be prompted to accept it. • Normally, the service would do text-to-speech, or use large print. • Instead, log the time and the app that sent the notification. • Ignore the content!
  • 8. Notifications as a proxy for social network usage. 0 200 400 600 800 1000 1200 0 200 400 600 800 1000 1200 Twitter Network Degree vs Notifications Friends Followers Number of Notifications friends/followerscount Twitter sends notifications based on people you follow. The more notifications the more friends.
  • 9. How frequently do apps “phone home”? • Android has a TrafficStats API. • Poll this reasonably frequently on a per-app basis and record the increase in Txed/Rxed bytes. • GetUidRxBytes: “Starting in N this will only report traffic statistics for the calling UID...” (N is for ¯_( ツ )_/¯) • Buggy. Protocol info depreciated. • No idea what's being sent.
  • 10. How frequently do apps “phone home”? • Android is a Linux-based system. • For some apps, we can read the /proc/<pid>/net directory and find open network sockets. • This gives us the protocol and the port. • Need to poll agressively, not great for battery life. sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode 12: 4F01A8C0:E1D0 B422C2AD:0050 01 00000000:00000000 02:000003A3 00000000 1000 0 154153 2 0000000000000000 23 4 28 10 -1 Don't Tap The White Tile
  • 11. Why do apps “phone home” so frequently? • “The Line-Keep In” is a simple scrolling maze game with very frequent network access. • It requests very extensive permissions, including location. • Decompiling it revealed 3 advertising and notifcation services. (tencent.com, jpush.cn, umneng.com) • Some of these were alreeady of interest to security researchers.
  • 12. The Droid Destruction Kit! • Can we put Android reversal and traffic capture tools into the hands of beginners? • Many tools require building from source. Containerize a browser-based VNC desktop with Docker. • “Masterclass” on app reversal held by Darren Martyn (http://insecurety.net/) of Xiphos Research: http://www.xiphosresearch.com
  • 13. Distributing mobile social data. • MobileMiner uploaded data to a slightly customized CKAN instance. -Containerzied and distributed to the YRS participants. • Pentland proposes “Open Personal Data Stores”. (http://openpds.media.mit.edu/) • Iaconesi & Persico propose the “Ubiquitous Commons” on Ethereum. (http://www.artisopensource.net/) • Pentland then proposes “Enigma”, peer-to-peer data storage on Ethereum. (http://enigma.media.mit.edu/) • NervousNet proposes a peer-to-peer proxy.
  • 14. “Informed Consent” • Users upload position data with low frequency. Do they understand the consequences? • Should such information be quantized spatially as well as temporally? • MobileMiner collected cell-tower data, resolved spatially using http://opencellid.org. • Simple application of k-means is sufficient to determine places of work or study.
  • 15. NervousNet: http://www.nervousnet.ethz.ch Our fork: https://github.com/kingsBSD/nervousnet-android-kbsd/ Follow us on Twitter: @KingsBSD Read our blog: http://big-social-data.net/ Slideshare: http://www.slideshare.net/kingsBSD/