We are working on several projects regarding security and privacy of Android and iOS devices.

We are conducting several projects in the area of cyber-physical systems and drones security.

We are conducting several projects in the area of autonomous vehicles security.

We are studying how to secure against the most common Controller Area Network (CAN bus) exploits.

We are studying how to automatically find logic bugs and fix them in robotic vehicles.

We are working on automatically patching and verifying compiled binary software.

We are trying to identify vulnerabilities in the Controller Area Network (CAN Bus) standard.

We study potential privacy leaks from stylus pencils with embedded magnets.

We are studying Programmable Logic Controller (PLC) code with considering the physical characteristics of the hybrid industrial control systems. Our goal is to establish a novel generic PLC-code vetting method that automatically uncover physical safety violations. Finding such physical safety violations is crucial since an attacker can effectively exploit them to impose a serious physical hazard that harm people.

We study how to debloat Bluetooth stack.

Many IoT devices are equipped with Bluetooth Low Energy (BLE) to support communication in an energy-efficient manner. Unfortunately, BLE is prone to spoofing attacks where an attacker can impersonate a benign BLE device and feed malicious data to its users. Defending against spoofing attacks is extremely difficult as security patches to mitigate them may not be adopted across vendors promptly; not to mention the millions of legacy BLE devices with limited I/O capabilities that do not support firmware updates.

We are studying how mobile applications currently use mobile messages to implement passwordless authentication schemes and the security implications of this choice.

We analyze the security of the BLE link-layer, focusing on the scenario in which two previously-connecteddevices reconnect. Based on a formal analysis of the reconnec-tion procedure defined by the BLE specification, we highlighttwo critical security weaknesses in the specification.

We study how mobile applications authenticate their users to remote backend servers. In particular, we focus on passwordless authentication schemes, using Trusted Execution Environments, biometric sensors, and mobile messages.