Search for: All records

Unmanned Aerial Vehicles (UAVs), or drones, are emblematic examples of cyber-physical systems where computational components and physical processes integrate to enable autonomous navigation. UAVs rely heavily on sensors such as Inertial Measurement Units (IMU) and Global Positioning System (GPS) for accurate environmental awareness and control. However, the trust placed in these sensors makes UAVs vulnerable to adversarial attacks that compromise the UAV’s operational integrity. While prior work focuses on detecting attacks against specific sensors, there remains a critical gap in performing Root Cause Analysis (RCA) to determine which component failed and why – especially under ambiguous or conflicting sensor reports. To address this gap, we propose SoundBoost, a novel RCA framework that leverages the UAV’s acoustic side-channel (i.e., sound) to diagnose navigation failures and attribute them to specific sensor compromises. While SoundBoost detects attacks by validating GPS and IMU sensor data, it focuses on post-incident diagnosis. SoundBoost conducts post-incident RCA by extracting robust acoustic signatures and using machine learning to cross-validate reported kinematics against physical behavior. We deploy SoundBoost on a UAV and evaluate it under real-world GPS spoofing attacks and synthesized IMU biasing attacks. SoundBoost achieves 100% true positive rate for IMU attacks and over 80% for GPS spoofing, outperforming the state-of-the-art by 21% – demonstrating its effectiveness as a practical forensic tool for sensor attack RCA. 

Intents are the primary message-passing mechanism on Android, used for both communication between intra-app and inter-app components. Intents go across the trust boundary of applications and can break the security isolation between them. Due to their shared API with intra-app communication, apps may unintentionally expose functionality leading to important security bugs. MALintent is an open-source fuzzing framework that uses novel coverage instrumentation techniques and customizable bug oracles to find security issues in Android Intent handlers. MALintent is the first Intent fuzzer that applies greybox fuzzing on compiled closed-source Android applications. We demonstrate techniques widely compatible with many versions of Android and our bug oracles were able to find several crashes, vulnerabilities with privacy implications, and memory-safety issues in the top downloaded Android applications on the Google Play store. 

Decompilation is a crucial capability in forensic analysis, facilitating analysis of unknown binaries. The recent rise of Python malware has brought attention to Python decompilers that aim to obtain source code representation from a Python binary. However, Python decompilers fail to handle various binaries, limiting their capabilities in forensic analysis. This paper proposes a novel solution that transforms a decompilation error-inducing Python binary into a decompilable binary. Our key intuition is that we can resolve the decompilation errors by transforming error-inducing code blocks in the input binary into another form. The core of our approach is the concept of Forensically Equivalent Transformation (FET) which allows non-semantic preserving transformation in the context of forensic analysis. We carefully define the FETs to minimize their undesirable consequences while fixing various error-inducing instructions that are difficult to solve when preserving the exact semantics. We evaluate the prototype of our approach with 17,117 real-world Python malware samples causing decompilation errors in five popular decompilers. It successfully identifies and fixes 77,022 errors. Our approach also handles anti-analysis techniques, including opcode remap- ping, and helps migrate Python 3.9 binaries to 3.8 binaries.