Patrick Traynor

Co-authored papers

2018

• Characterizing the Security of the SMS Ecosystem with Public Gateways

  ACM Transactions on Privacy and Security

  Bradley Reaves, Luis Vargas, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin R. B. Butler

  DOI PDF

  A 28-month study of 900,000 public SMS gateway messages shows persistent insecure practices and widespread phone-verified account fraud evasion.

• A Large Scale Investigation of Obfuscation Use in Google Play

  Proceedings of the Annual Computer Security Applications Conference

  Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, and Sascha Fahl

  PDF

  Only 25% of 1.7 million Google Play apps use obfuscation, and most developer attempts to apply it fail.

• Sonar: Detecting SS7 Redirection Attacks Via Call Audio-Based Distance Bounding

  Proceedings of the IEEE Symposium on Security and Privacy

  Christian Peeters, Hadi Abdullah, Nolen Scaife, Jasmine Bowers, Patrick Traynor, Bradley Reaves, and Kevin Butler

  DOI PDF

  Detects SS7 call redirection attacks by measuring audio round-trip times, catching 100% of real-world redirections in live network tests.

2017

• Regulators, Mount Up? Analysis of Privacy Policies for Mobile Money Applications

  Symposium on Usable Privacy and Security

  Jasmine Bowers, Bradley Reaves, Imani N. Sherman, Patrick Traynor, and Kevin Butler

  PDF

  Nearly half of mobile money services lack any privacy policy, and those that exist are often incomplete, unreadable, or unavailable in users’ primary languages.

• AuthentiCall: Efficient identity and content authentication for phone calls

  Proceedings of the USENIX Security Symposium

  Bradley Reaves, Logan Blue, Hadi Abdullah, Luis Vargas, Patrick Traynor, and Tom Shrimpton

  PDF

  Provides cryptographic caller-ID verification and conversation integrity for phone calls with minimal overhead.

• Phonion: Practical protection of metadata in telephony networks

  Proceedings on Privacy Enhancing Technologies

  Stephan Heuser, Bradley Reaves, Praveen Kumar Pendyala, Henry Carter, Alexandra Dmitrienko, William Enck, Negar Kiyavash, Ahmad-Reza Sadeghi, and Patrick Traynor

  DOI PDF

  Phonion routes traditional voice calls across multiple carriers to provide unlinkable communication with good voice quality.

• Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World

  ACM Transactions on Privacy and Security

  Bradley Reaves, Jasmine Bowers, Nolen Scaife, Adam Bates, Arnav Bhartiya, Patrick Traynor, and Kevin R.B. Butler

  PDF

  A security analysis of all 46 Android mobile money apps reveals pervasive vulnerabilities and negligible improvement one year after our first study on the topic.

• FinTechSec: Addressing the Security Challenges of Digital Financial Services

  IEEE Security & Privacy Magazine

  Patrick Traynor, Kevin Butler, Jasmine Bowers, and Bradley Reaves

  PDF

  Identifies security challenges unique to mobile money, SMS transactions, and emerging digital financial platforms.

2016

• *droid: Assessment and evaluation of Android application analysis tools

  ACM Computing Surveys

  Bradley Reaves, Jasmine Bowers, Sigmond A. Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, William Enck, and Patrick Traynor

  PDF

  Systematically evaluates published Android security analysis tools, finding most suffer from poor maintenance and fail on apps with known vulnerabilities.

• Authloop: Practical end-to-end cryptographic authentication for telephony over voice channels

  Proceedings of the USENIX Security Symposium

  Bradley Reaves, Logan Blue, and Patrick Traynor

  PDF

  A TLS-inspired authentication protocol sent over the voice audio channel verifies caller identity without network changes or a data connection.

• Detecting SMS spam in the age of legitimate bulk messaging

  Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks

  Bradley Reaves, Logan Blue, Dave Tian, Patrick Traynor, and Kevin R. B. Butler

  DOI PDF

  Shows legitimate bulk messages like verification codes collapse SMS spam filter recall to 23%, and releases the largest public SMS spam dataset to date.

• Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways

  Proceedings of the IEEE Symposium on Security and Privacy

  Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin Butler

  DOI PDF

  A 14-month analysis of 400,000 messages to public SMS gateways reveals widespread plaintext data leakage and phone-verified account evasion.

2015

• Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World

  Proceedings of the USENIX Security Symposium

  Bradley Reaves, Nolen Scaife, Adam Bates, Patrick Traynor, and Kevin R.B. Butler

  PDF

  The first generation of mobile money applications had pervasive vulnerabilities that allow transaction modification and account impersonation.

• Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge

  Proceedings of the USENIX Security Symposium

  Bradley Reaves, Ethan Shernan, Adam Bates, Henry Carter, and Patrick Traynor

  PDF

  Audio degradation signatures left by VoIP-to-GSM gateways enable network-edge detection of SIMbox interconnect bypass fraud, which costs operators over $2 billion annually.

• Uncovering Use-After-Free Conditions In Compiled Code

  Proceedings of the International Conference on Availability, Reliability, and Security

  David Dewey, Bradley Reaves, and Patrick Traynor

  DOI

  Static analysis detects use-after-free vulnerabilities directly in compiled binaries without requiring source code access.

2013

• MAST: Triage for Market-scale Mobile Malware Analysis

  Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks

  Saurabh Chakradeo, Bradley Reaves, Patrick Traynor, and William Enck

  PDF

  App markets can scale malicious code detection by triaging on app package metadata to find 95% of malware while examining only 13% of benign apps.

• The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers

  Proceedings of the Network and Distributed System Security Symposium

  Charles Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor, and Wenke Lee

  PDF Slides

  Carrier DNS traffic reveals that mobile malware is rare — fewer than 0.0009% of devices contact known malicious infrastructure.