In their first paper, titled Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers, doctoral researchers Meng Luo and Oleksii Starov, guided by Assistant Professor Nima Honarmand and Nikiforakis, present their work on the first browser-agnostic framework for assessing the vulnerability of modern mobile browsers. By analyzing thousands of mobile browsers and exposing them to tens of thousands of attacks, the authors discovered that mobile browsers are becoming less secure with each passing year and warned about their potential abuse by attackers.
In PragSec Lab’s second paper, titled The Wolf of Name Street: Hijacking Domains Through Their Nameservers, PhD student Timothy Barron and Nikiforakis collaborated with three authors from KU Leuven (Thomas Vissers, Tom Van Goethem, and Wouter Joosen). The research showed that simple configuration errors (such as typos) when setting up name servers for domain names can be used to hijack tens of thousands of domain names and usurp control from their rightful owners.
Finally, in the third paper to be accepted at CCS 2017, Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse, doctoral researcher Najmeh Miramirkhani and Nikiforakis collaborated with authors from London South Bank University (Nikolaos Pitropakis) and Georgia Tech (Panagiotis Kintis, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, and Manos Antonakakis). This paper documented research which showed that attackers are actively engaging in “combosquatting”, the act of registering domains that include popular trademarks (e.g. facebook-members.com and youtube-live.com) as a way of increasing user trust in their malicious domains. The authors performed a large-scale, longitudinal study of the phenomenon, quantified the abuse, and provided advice to companies and registrars.