The Android ecosystem offers different facilities to enable communication among app components and across apps to ensure that rich services can be composed through functionality reuse. At the heart of this system is the Inter-component communication (ICC) scheme, which has been largely studied in the literature. Less known in...
Publications & Demonstrators
All accepted publications from SPARTA partners under its funding as well as videos presenting some of the work done under SPARTA
Publications
Android Run-time Permission Exploitation User Awareness by Means of Formal Methods
Fausto Fasano, Fabio Martinelli, Francesco Mercaldo, Antonella Santone
Our mobile devices store a lot of sensitive and critical information. Moreover, considering the ability of smartphones and tablets to detect the position and to record audio, it is not absolutely an exaggeration to admit that potentially our devices can easily spy on us. The ability to perform these crucial...
Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences
Rosangela Casolare, Fabio Martinelli, Francesco Mercaldo, Antonella Santone
The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or...
An Edge-Fog Secure Self-Authenticable Data Transfer Protocol
Venčkauskas A, Morkevicius N, Jukavičius V, Damaševičius R, Toldinas J, Grigaliūnas Š.
Development of the Internet of Things (IoT) opens many new challenges. As IoT devices are getting smaller and smaller, the problems of so-called “constrained devices” arise. The traditional Internet protocols are not very well suited for constrained devices comprising localized network nodes with tens of devices primarily communicating with each...
Accidental Sensitive Data Leaks Prevention via Formal Verification
Madalina G. Ciobanu, Fausto Fasano, Fabio Martinelli, Francesco Mercaldo, Antonella Santone
Our mobile devices, if compared to their desktop counterpart, store a lot of sensitive and private information. Considering how easily permissions to sensitive and critical resources in the mobile environment are released, for example in Android, sometimes the developer unwittingly causes the leakage of sensitive information, endangering the privacy of...
A FPGA-based Control-Flow Integrity Solution for Securing Bare-Metal Embedded Systems
Nicolò Maunero (POLITO), Gianluca Roascio (POLITO), Paolo Prinetto (POLITO), Antonio Varriale (B5 Labs Ltd.)
Memory corruption vulnerabilities, mainly present in C and C++ applications, may enable attackers to maliciously take control over the program running on a target machine by forcing it to execute an unintended sequence of instructions present in memory. This is the principle of modern Code-Reuse Attacks (CRAs) and of famous...
A First Look at Android Applications in Google Play related to Covid-19
Jordan Samhi, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
Due to the convenience of access-on-demand to information and business solutions, mobile apps have become an important asset in the digital world. In the context of the Covid-19 pandemic, app developers have joined the response effort in various ways by releasing apps that target different user bases (e.g., all citizens...
A Deep-Learning-Based Framework for Supporting Analysis and Detection of Attacks on CAN Buses
Alfredo Cuzzocrea, Francesco Mercaldo, Fabio Martinelli
Modern vehicles contain a plethora of electronic units aimed to send and receive data by exploiting the serial communication provided by the CAN bus. CAN packets are broadcasted to all components and it is in charge of the single component to decide if it is the receiver of the packets....
Taming Reflection: An Essential Step Towards Whole-Program Analysis of Android Apps
Xiaoyu Sun, Li Li, Tegawendé F. Bissyandé, Jacques Klein, Damien Octeau, John Grundy
Abstract: Android developers heavily use reflection in their apps for legitimate reasons. However, reflection is also significantly used for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security...