UI researchers receives funds to protect cellphone users from cyber threats
DARPA presented UI professor Omar Chowdhury with a Young Faculty Award to fund his study of protecting against network threats to cell phone users.
Photo Illustration by Katie Goodale
September 29, 2019
In order to fund a study of threats to cellular-phone networks, University of Iowa Assistant Professor Omar Chowdhury recently received an award to honor promising work within the context of national security concerns.
The Young Faculty Award, presented by the Defense Advanced Research Projects Agency, is gifted to rising researchers to recognize and fund such work, according to the Defense Advanced Research Projects Agency website.
“[The research] starts with the insight that there are attacks that the user knows nothing about,” Chowdhury said.
Chowdhury said user location is an example of personal information that can easily be exposed without someone’s knowledge.
“There are a lot of existing attacks,” Chowdhury said. “There are ways [to attack] that people don’t realize. The situation is so bad that there is no indication that the user would know their location is being exposed.”
RELATED: Researchers at UI receive grant for cybersecurity research
Regardless of the type of phone, wireless network, or carrier, all users are at risk for cellular-network threats, Chowdhury said.
He said a third party would only need a phone number or access to an app through which the user receives push notifications to determine someone’s location. This is a result of a “vulnerable protocol” built into the basic function of the phone receiving information.
“Getting and receiving packets of information is one of the most extensive battery consuming activities,” Chowdhury said. “If the phone was always connected [to networks], it would die quickly, so it switches off when it is not communicating.”
Chowdhury said this is problematic, because if the phone receives a call or notification, a third party could take advantage of this unencrypted process to see the phone’s signal turn back on and locate the phone at that time.
RELATED: Student programmers compete at Hackathon
A major aspect of Chowdhury’s research is using pre-existing knowledge of these attacks to create programs, which alert people that their information is being exposed.
“Dr. Chowdhury will research how to develop a mobile app to detect malicious protocol activity, alerting the user to this activity and suggest courses of action to protect the device,” said Raymond Richards, a program manager in the Defense Advanced Research Projects Agency Information Innovation Office, in an email to The Daily Iowan.
According to research by the Global System for Mobile Communications association, adoption rates of smartphones will likely reach 77 percent saturation around the world by 2025. The organization recommended that cellular companies and operators work intentionally to improve device security.
Richards said Chowdhury’s approach involves creating “mathematically rigorous descriptions of malicious behavior” that are accessible to users and don’t drain their phone’s resources.
Chowdhury added that he hopes any new protections for users will be open to empower everyone.
“If someone is communicating sensitive information, this could be very useful to them,” Chowdhury said.
