Kevin Butler

Co-authored papers

2018

• Sonar: Detecting SS7 Redirection Attacks Via Call Audio-Based Distance Bounding

  Proceedings of the IEEE Symposium on Security and Privacy

  Christian Peeters, Hadi Abdullah, Nolen Scaife, Jasmine Bowers, Patrick Traynor, Bradley Reaves, and Kevin Butler

  DOI PDF

  Detects SS7 call redirection attacks by measuring audio round-trip times, catching 100% of real-world redirections in live network tests.

2017

• Regulators, Mount Up? Analysis of Privacy Policies for Mobile Money Applications

  Symposium on Usable Privacy and Security

  Jasmine Bowers, Bradley Reaves, Imani N. Sherman, Patrick Traynor, and Kevin Butler

  PDF

  Nearly half of mobile money services lack any privacy policy, and those that exist are often incomplete, unreadable, or unavailable in users’ primary languages.

• Transparent Web Service Auditing via Network Provenance Functions

  Proceedings of the International World Wide Web Conference

  Adam Bates, Wajih Ul Hassan, Kevin Butler, Alin Dobra, Bradley Reaves, Patrick Cable, Thomas Moyer, and Nabil Schear

  DOI PDF

  Network provenance functions trace attacks across distributed web service components with application-layer awareness and no software modifications.

• FinTechSec: Addressing the Security Challenges of Digital Financial Services

  IEEE Security & Privacy Magazine

  Patrick Traynor, Kevin Butler, Jasmine Bowers, and Bradley Reaves

  PDF

  Identifies security challenges unique to mobile money, SMS transactions, and emerging digital financial platforms.

2016

• *droid: Assessment and evaluation of Android application analysis tools

  ACM Computing Surveys

  Bradley Reaves, Jasmine Bowers, Sigmond A. Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, William Enck, and Patrick Traynor

  PDF

  Systematically evaluates published Android security analysis tools, finding most suffer from poor maintenance and fail on apps with known vulnerabilities.

• Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways

  Proceedings of the IEEE Symposium on Security and Privacy

  Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin Butler

  DOI PDF

  A 14-month analysis of 400,000 messages to public SMS gateways reveals widespread plaintext data leakage and phone-verified account evasion.