Nolen Scaife

Co-authored papers

2018

• Characterizing the Security of the SMS Ecosystem with Public Gateways

  ACM Transactions on Privacy and Security

  Bradley Reaves, Luis Vargas, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin R. B. Butler

  DOI PDF

  A 28-month study of 900,000 public SMS gateway messages shows persistent insecure practices and widespread phone-verified account fraud evasion.

• Sonar: Detecting SS7 Redirection Attacks Via Call Audio-Based Distance Bounding

  Proceedings of the IEEE Symposium on Security and Privacy

  Christian Peeters, Hadi Abdullah, Nolen Scaife, Jasmine Bowers, Patrick Traynor, Bradley Reaves, and Kevin Butler

  DOI PDF

  Detects SS7 call redirection attacks by measuring audio round-trip times, catching 100% of real-world redirections in live network tests.

2017

• Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World

  ACM Transactions on Privacy and Security

  Bradley Reaves, Jasmine Bowers, Nolen Scaife, Adam Bates, Arnav Bhartiya, Patrick Traynor, and Kevin R.B. Butler

  PDF

  A security analysis of all 46 Android mobile money apps reveals pervasive vulnerabilities and negligible improvement one year after our first study on the topic.

2016

• *droid: Assessment and evaluation of Android application analysis tools

  ACM Computing Surveys

  Bradley Reaves, Jasmine Bowers, Sigmond A. Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, William Enck, and Patrick Traynor

  PDF

  Systematically evaluates published Android security analysis tools, finding most suffer from poor maintenance and fail on apps with known vulnerabilities.

• Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways

  Proceedings of the IEEE Symposium on Security and Privacy

  Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin Butler

  DOI PDF

  A 14-month analysis of 400,000 messages to public SMS gateways reveals widespread plaintext data leakage and phone-verified account evasion.

2015

• Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World

  Proceedings of the USENIX Security Symposium

  Bradley Reaves, Nolen Scaife, Adam Bates, Patrick Traynor, and Kevin R.B. Butler

  PDF

  The first generation of mobile money applications had pervasive vulnerabilities that allow transaction modification and account impersonation.