Distinguished Lecture Series: Nick Nikiforakis on Tuesday, June 14, 3pm
As part of CISPA's Distinguished Lecture Series, we will have a virtual visit from Nick Nikiforakis next week (Tuesday 3pm). Nick has been doing Web security research for a long time and is one of the most cited authors in this area. If you want to attend the talk, you can either join virtually (see https://cispa.de/en/news-and-events/distinguished-lecture-series/lectures/nikiforakis for the details and Zoom link) or physically in the lecture hall where we will stream the lecture.
His talk will cover Web aspects in particular of mobile browsers, which we somewhat omit in the lecture. For more information, see the abstract below:
Recent years have seen a steady increase in the sales of mobile devices as more and more users purchase smartphones and tablets to supplement their computing needs. The smartphones' cleaner UIs in combination with an ever increasing number of apps and constantly decreasing prices, are attracting more and more users who entrust their devices with sensitive data, such as personal photographs, work emails, and financial information. To browse the web from these devices, users can choose between hundreds of competing mobile browsers, each advertising its own unique set of features. In this talk, we will discuss the idiosyncrasies of these mobile web browsers and show that they are vulnerable to attacks that were never an issue on traditional desktop browsers. We will first present the results of analyzing over 2,000 versions of mobile browsers, spanning five years and 128 browser families, and show that mobile browsers are becoming more vulnerable to certain classes of attacks with each passing year. We will then focus on the ability of mobile browsers to enforce standard security mechanisms, such as, the HTTP Strict Transport Security mechanism and Content-Security Policy. We will show that mobile browsers lag behind desktop browsers in their support of these mechanisms, resulting in users being less secure when they browse a given website over a mobile browser, as opposed to a desktop browser. Lastly, we will explore the workings of data-savings mobile browsers and how their unique design can open up users to attacks.