skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


  • Home
  • Search Results
  • Page 1 of 1

Search for: All records

Creators/Authors contains: "Topcuoglu, Cem"

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. ; ; ; (, Proceedings of the 57th Hawaii International Conference on System Sciences)
    Zero-click attacks exploit unpatched vulnerabilities in chat apps, such as WhatsApp and iMessage, enabling root access to the user’s device without their interaction, thereby posing a significant privacy risk. While Apple’s Lockdown mode and Samsung’s Message Guard implement virtual sandboxes, it is crucial to recognize that sophisticated zero-click exploits can potentially bypass the sandbox and compromise the device. This paper explores the feasibility of countering such attacks by shifting the attack surface to a virtual smartphone ecosystem, developed using readily available off-the-shelf components. Considering that zero-click attacks are inevitable, our cross-platform security system is strategically designed to substantially reduce the impact and duration of any potential successful attack. Our evaluation highlighted several trade-offs between security and usability. Moreover, we share insights to inspire further research on mitigating zero-click attacks on smartphones. 
    more » « less
    Accepted Manuscript Full Text Available