CUHK Reveals Android Security Flaws; Privacy of Over 100 Million Users Worldwide at Risk

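Smartphones offer many functions, but more and more security vulnerabilities are being uncovered, and they are hard to guard against. A CUHK study found that both social platforms and Android's built-in voice system contain major security vulnerabilities, with the number of affected users estimated in the hundreds of millions. Android's built-in voice system in particular has become a new attack channel for hackers: without the user's knowledge, a hacker can compromise an application on the user's phone and remotely instruct the voice system to read out the user's personal data, schedule and so on, fully exposing their privacy. More than 500 million phone and tablet users worldwide are estimated to be affected. The team said the problem can only be expected to be resolved once an official new version is released.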

Date: 
Friday, July 10, 2015
Media: 
am730

Android and Social Networks: CUHK Reveals Security Flaws

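The online world offers a wealth of information, but obtaining information also carries the risk of leaking secrets. A research team from the Department of Information Engineering at the Chinese University of Hong Kong found major security vulnerabilities in the Android platform's voice system and in social networking sites. Hackers can steal users' personal data and messages while users are unaware, and hundreds of millions of users worldwide are expected to be affected. Zhang Kehuan said the problem has been reported to Google, and Google has fixed part of it. If the user's phone is set to a locked state, hackers cannot attack. The team studied twelve mainstream social networking sites and found that eight of them had the problem. Lau said the team has advised the social networking site providers concerned to strengthen security, and is applying for funding, hoping to build a testing platform within the next one to two years so that social networking site and application providers can test the security of their sites and programs.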

Date: 
Friday, July 10, 2015
Media: 
Oriental Daily News

Scholars Reveal Flaws in Phones and Social Networks; Hackers Remotely Control Voice Function to Steal Private Data

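Research by two professors of the Department of Information Engineering at the Chinese University of Hong Kong found that the built-in voice ‘assistant’ function of the Android smartphone system, and the systems by which many social platforms authorise third parties to obtain user data, both have security vulnerabilities. Through the Android vulnerability, hackers can obtain the user's schedule and phone book, and even impersonate the user to send text messages, make phone calls or send e-mail. The authorisation systems of social networking sites, meanwhile, allow hackers to pose as an application and steal users' personal data. The scholars said many organisations have made fixes after receiving the reports, but they still advise the public not to upload sensitive data to social networking sites.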

Date: 
Friday, July 10, 2015
Media: 
Ming Pao Daily News

Information Engineering Professors Revealed Sweeping Security Loopholes in Mobile Devices and Social Media

Date: 
2015-07-09

Research teams of the Department of Information Engineering have recently revealed serious security loopholes in Android devices and social media. The findings, which were presented at the ACM Conference on Computer and Communications Security 2014 and Black Hat USA 2014, have drawn wide attention in the research community, industry and media.

Security Loophole in Android Voice Assistant 

Professor ZHANG Kehuan, Assistant Professor, Department of Information Engineering, and his research team have identified a serious vulnerability in the Android built-in voice assistant module. A zero-permission malware installed on a user's smartphone could bring Google Voice Search to the foreground and play voice commands in the background. Through voice feedback from Google Voice Search, a remote attacker could steal a user's private data without being noticed. This attack method bypasses the Android permission protection mechanism. It is estimated that over 550 million Android phone and tablet users are under threat.

Professor Zhang’s team found that the zero-permission malware, named VoicEmployer, once installed on a user's device, could invoke the Voice Dialer mode of Google Voice Search even when the device is locked with a password. Through voice dialing commands, VoicEmployer can make phone calls to arbitrary numbers. The attacker can even send voice commands to make the victim's device send SMS/email and steal the user's private data (such as voicemail, calendar, location, etc.). For example, the attacker can send the voice command ‘what is my next meeting?’, and Google Voice Search, after recognizing the command, may give voice feedback such as ‘your next calendar entry is ...’.

Professor Zhang said, ‘We have reported this vulnerability and the corresponding attack schemes to the Google Security Team. The problem has been partly fixed in the subsequent versions of Google Voice Search. We suggest that smartphone users use applications provided by the official stores only and not install applications from untrusted sources.’

Security Problems in Authentication Protocol of Social Media

Professor LAU Wing-cheong, Associate Professor, Department of Information Engineering, and his graduate students, HU Pili and YANG Ronghai, have revealed a series of security problems with the design, implementation and practical deployment of the Open Authentication protocol (OAuth 2.0), which is widely adopted by various online social networks (OSN) worldwide. By exploiting the vulnerabilities, hackers can pass themselves off as application developers to steal personal data from over 100 million users within a short period of time.

The OAuth 2.0 protocol has been widely adopted by OSN providers since its inception. Professor Lau’s team has recently discovered that it is vulnerable to the so-called App impersonation attack due to its provision of multiple authorization flows and token types. Based on their study of 12 major OSN providers, the team found that App impersonation via OAuth 2.0, when combined with additional application-programming interface (API) design features or deficiencies, will enable large-scale exploitation and privacy leaks. For example, it becomes possible for an attacker to completely crawl an OSN with more than 100 million users within a short period of time and harvest data such as status lists and friend lists, which are expected to be private information.

Professor Lau’s team has developed an automatic testing tool, OAuthTester, to systematically test the safety levels of various applications and social media. The team found that OAuth-related vulnerabilities are widespread. Professor Lau said, ‘Our findings show that it is urgent for industrial practitioners to review their OAuth system design to protect users’ privacy. We have informed all the affected OSN providers and proposed solutions that can be readily deployed.’

CUHK Named World’s Most Impactful Research Institution in Telecoms 

The CUHK has recently been named by Thomson Reuters as one of the 10 research institutions in the world with the most impact on telecommunications. Amongst US and European universities, it is the only Asian institution on the list. The recognition was given to 10 institutions having the highest citation impact (research papers being the most highly cited by peers thereby indicating global influence) from 2004 to 2014. Details of the ranking are available in Thomson Reuters’ global innovation report ‘The Future Is Open: 2015 State of Innovation’. 

CUHK embarked on telecommunications research in 1970 when former Vice-Chancellor Professor Charles KAO founded the Department of Electronic Engineering. Professor Kao was the innovator of the groundbreaking optical fibre communication that changed the world, and at the same time, he built a long-term research strategy focusing on electronic engineering, as well as information and communications technologies at CUHK. Today, both the departments of Electronic Engineering and Information Engineering have been making great strides in both theories and applications of telecommunications and network research, including but not limited to fiber-optic communications, wireless communications, network coding and network security.

Prof. LAU Wing-cheong (left) and Prof. ZHANG Kehuan revealed sweeping security loopholes in mobile devices and social media.

 


CUHK Telecoms Research Ranked Among World's Top Ten

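CUHK was recently selected by Thomson Reuters as one of the ten universities in the world with the most influence in telecommunications research, and is the only university in the Asia-Pacific region to be selected. Thomson Reuters used the impact of the papers published by each research institution in the telecommunications field from 2004 to 2014 as its selection indicator; the academic research of the selected institutions is widely cited by peer scholars. Yeung Wai-ho added that, in data transmission in particular, he and Professor Liew Soung-chang of the Department of Information Engineering successfully collaborated to develop two innovative network coding technologies, solving electromagnetic-wave interference during data transmission and wireless transmission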

Date: 
Tuesday, July 7, 2015
Media: 
Hong Kong Commercial Daily

University makes right connections in communications

The Chinese University of Hong Kong has been named one of the world's top 10 research institutions with the most impact on communications.  Its department of information engineering was the only Asian institution on the Thomson Reuters list that published research papers that are the most highly cited by peers.  "I am very pleased to see that our research performance and applications in telecommunications are outstanding and well above international standards," said department chairman Chiu Dah-ming.  Chiu said that the faculty has always been committed to strengthening research in fiber-optic communications, wireless communications, digital signal processing and information theory.

Date: 
Friday, July 3, 2015
Media: 
The Standard

Exploring and Repairing the Constructs of Life with Engineering Science

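The structures of life are intricate and marvellous. From the anatomy and physiology of organs at the macroscopic level to the molecular biology of cellular nanostructures, awe-inspiring examples abound. Take one example: the mechanical design of joints. When an ordinary person walks, the joints of the lower limbs (such as the hip joint) often bear forces as high as three times body weight. Everyday movements such as running, turning, stopping, going up, going down and squatting involve complex kinetics, and joint loads can reach five or six times body weight.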

Date: 
Wednesday, June 17, 2015
Media: 
eTVonline

Best Student Paper Award Featured in WiOpt 2015

Date: 
2015-07-01

A Game-Theoretic Analysis of User Behaviors in Crowdsourced Wireless Community Networks

The Network Communications and Economics Lab (NCEL) led by Prof. Jianwei Huang, Department of Information Engineering, CUHK, has recently made a comprehensive analysis of user behaviors in crowd-sourced Wi-Fi community networks. The research team of Miss Qian MA, Dr. Lin GAO, and Prof. Jianwei Huang demonstrated that such a novel Wi-Fi network scenario can help to expand Wi-Fi coverage at a low cost, by incentivizing individual users to share their private home Wi-Fi Access Points (APs) with each other. This work won the Best Student Paper Award in IEEE WiOpt 2015, a leading wireless conference focusing on modeling and optimization of wireless networks.

Driven by the explosive growth of smart mobile devices (such as smartphones and tablets) and bandwidth-hungry applications (such as mobile video streaming and Web/File/VoIP), Wi-Fi networks are playing an increasingly important role in carrying a significant amount of mobile data traffic. According to the forecast of Cisco VNI, by the year 2019, the amount of traffic from smartphones carried by Wi-Fi networks will be 54%, and the amount of traffic from tablets carried by Wi-Fi networks will be 70%. The fast growth of Wi-Fi technology and networks is due to several factors, including the low cost of Wi-Fi APs, simple installation, easy management, and high transmission data rates. However, the deployment of large-scale and seamless Wi-Fi networks is often restricted by the limited coverage of each single Wi-Fi AP (typically tens of meters indoors). Hence, despite the low cost of each Wi-Fi AP, it is often very expensive to deploy enough Wi-Fi APs to entirely cover a large area such as a city or a nation.

The crowd-sourced Wi-Fi community network is a promising solution for expanding Wi-Fi coverage at a low cost. The key idea is to encourage individuals (users) to share their privately owned Wi-Fi APs with each other, and hence crowdsource the coverage of these private Wi-Fi APs. Such a novel network scenario can fully utilize the capacity of millions of private Wi-Fi APs already installed, hence reducing the requirement of new installations by any single operator. Meanwhile, each user also benefits from joining such a community network, as he can use not only his own AP when staying at home, but also other users' APs when traveling.

One prominent commercial example of such a Wi-Fi community network is FON, the world's largest Wi-Fi operator, which had more than 15 million member Wi-Fi APs globally as of May 2015. In FON, the operator incentivizes its customers (users) to share their private home APs with others, by using two different incentive schemes, corresponding to two kinds of memberships: Linus and Bill. As a Linus, a user can use other FON members' APs free of charge, and cannot receive any compensation when other users access his AP. As a Bill, a user needs to pay for using other APs, and meanwhile can receive certain compensation when other users access his AP. Moreover, the above community network is also open to users who do not own APs, often called Aliens, who need to pay for using any AP in the FON network.

Clearly, the success of such a crowd-sourced Wi-Fi network greatly depends on the active participation and contributions of many individual users with private Wi-Fi APs, and hence requires the careful design of a proper economic incentive mechanism. Through the study of user behaviors in crowd-sourced wireless community networks, Prof. Jianwei Huang and his team hope to reveal insights into the underlying economic principles of such networks, provide guidelines for the operator to design pricing and incentive mechanisms, and eventually promote the long-term and sustainable development of such a novel network scenario.

User Behavior Analysis in the Crowd-sourced Wi-Fi Community Network

A comprehensive analysis of user behaviors is essential for the success of a crowd-sourced Wi-Fi community network. The CUHK research team proposes a two-stage dynamic game model to study user behaviors, where stage I is the users’ membership selections and stage II is the users’ Wi-Fi connection time decisions. In this two-stage dynamic game model proposed by Prof. Huang and his team, users choose the membership of Linus or Bill in stage I, by comparing the achievable benefits under the two different memberships. Then in stage II, each user decides the Wi-Fi connection time at each Wi-Fi AP visited while traveling, taking the network congestion into consideration. The study explores how different users make different decisions in their membership selections and network connections. The results show that a user with a more popular home location, a smaller travel time, or a smaller network access evaluation is more likely to choose the Bill membership type. The results also show that a Wi-Fi AP with a larger data rate or a smaller price will attract users to connect to it for a longer time.

Through the two-stage dynamic game model, users are able to make the best choices of their memberships when joining the crowd-sourced network, and the best choices of their Wi-Fi connection times when roaming at others’ APs considering the network congestion level. The community network operator is able to design the best pricing and incentive mechanism, hence achieving a win-win situation.

About Network Communications and Economics Lab

The Network Communications and Economics Lab (NCEL) was formed in 2007 by Prof. Jianwei Huang, focusing on interdisciplinary research among communications, networking, and economics. The NCEL team has published around 180 papers in top international journals and conferences, with around 5000 citations in total. The NCEL's research results have received 8 Best Paper Awards in international venues, including the 2011 IEEE Marconi Prize Paper Award in Wireless Communications from IEEE Communications Society and IEEE Signal Processing Society. Four papers from NCEL are among the ESI Highly Cited Papers in the field of Computer Science, which are the top 1% of papers in terms of citations within the field according to Essential Science Indicators from Web of Science.

The co-authors of this award-winning work also include Ms. Qian Ma, Dr. Lin Gao, and Prof. Yafeng Liu (from Chinese Academy of Science). Ms. Ma is a PhD student under the supervision of Prof. Jianwei Huang. Dr. Lin Gao is a Postdoc Research Fellow in Prof. Jianwei Huang’s team, and received the Best Paper Awards from IEEE WiOpt in 2015, 2014, and 2013.

 

 

(from left) Prof. Jianwei Huang, Miss Qian Ma, and Dr. Lin Gao

 


Innovative Network Coding Techniques Revolutionize Wireless Communications

Date: 
2015-07-02

The university has recently been named by Thomson Reuters as one of the 10 research institutions in the world with the most impact on telecommunications. Amongst US and European universities, it is the only Asian institution on the list. The recognition was given to 10 institutions having the highest citation impact (research papers being the most highly cited by peers thereby indicating global influence) from 2004 to 2014. Details of the ranking are available in Thomson Reuters’ global innovation report ‘The Future Is Open: 2015 State of Innovation’.

CUHK embarked on telecommunications research in 1970 when former Vice-Chancellor Prof. Charles KAO founded the Department of Electronic Engineering. Professor Kao innovated the groundbreaking optical fibre communication that changed the world, and at the same time, he built a long-term research strategy focusing on electronic engineering, as well as information and communications technologies at CUHK. Today, both the departments of Electronic Engineering and Information Engineering have been making great strides in both theories and applications of telecommunications and network research, including but not limited to fiber-optic communications, wireless communications, network coding and network security. 

Prof. TSANG Hon-ki, Chairman, Department of Electronic Engineering, CUHK, said, ‘The recognition given by Thomson Reuters is a reflection on the hard work and contributions of many of our professors in terms of research papers and patents in telecommunications. Our cutting-edge research also ensures that our students receive the most updated education in engineering.’ 

Prof. CHIU Dah-ming, Chairman, Department of Information Engineering, CUHK, said, ‘We are very pleased to see that our research performance and applications in telecommunications are outstanding and well above international standards. The Faculty has always been committed to strengthening the research in fiber-optic communications, wireless communications, digital signal processing and information theory.’ 

CUHK Pioneers Network Coding Technologies 

The network coding theory originated at CUHK is a major breakthrough in information sciences. Its fundamental concept was introduced in the late 1990s, largely due to the work of Prof. YEUNG Wai-ho Raymond, Choh-Ming Li Professor of Information Engineering, and Co-Director, Institute of Network Coding, CUHK, and his research team. Network coding is a technique that replaces routers with coders that transmit ‘evidence’ of a message instead of sending the message itself. The receiver can deduce the original message by the evidence collected, making network communications more efficient, reliable, stable and secure. 

The textbook authored by Professor Yeung ‘Information Theory and Network Coding’ has been widely adopted in top research institutes including MIT, Caltech, Stanford University and University of California, Berkeley. Professor Yeung and his collaborators have recently been granted the prestigious 2016 IEEE Eric E. Sumner Award for their pioneering contributions to the field of network coding. They are the first research team in Asia Pacific to receive this honour. 

Latest Network Coding Technique Tackles Data Loss

Professor Yeung’s research team has recently put forward the BATched Sparse Code (BATS code), one of the most mature network coding techniques in the world. It overcomes the problem of data loss during wireless transmission and offers higher speed, reliability and stability. Compared with conventional random linear network coding, BATS codes offer a lower encoding and decoding complexity, and require a much smaller buffer size at the intermediate nodes. For example, for a multihop network with 20% rate loss per link, BATS code can increase the transmission rate by 56% and reduce the loss rate by 29%.  BATS has already obtained a number of patents from different countries and the team is now working towards its future applications in 5G wireless communications, satellite communications, Internet of Things, and wireless sensor/mesh networks. 

Addressing the Interference Bottleneck Problem

In conventional wireless networks, mutual interferences among wireless devices are viewed as hindrances to efficient communications. For instance, when many people at a time use the free Wi-Fi network at the airport, the internet speed will be very slow due to concurrent access and mutual interference among the users’ devices.  Having devoted 10 years of time, Prof. LIEW Soung-chang, Division Head of Information Engineering, and Co-Director, Institute of Network Coding, CUHK, and his research team have successfully developed and prototyped the revolutionary Physical-layer Network Coding (PNC) as a promising technique that can significantly improve the capacity and energy efficiency of wireless networks by tackling the wireless interference problem. PNC turns interferences from a disadvantage to an advantage by efficiently harnessing the hidden useful information contained in the interferences. 

Professor Liew said, ‘Compared with conventional schemes, PNC can accommodate a larger number of wireless devices in a wireless network without sacrificing the speed. The essence of PNC is to harness multi-user interferences and allow multiple devices to transmit their messages simultaneously. PNC efficiently addresses the interference bottleneck problem in wireless networks, leading to a dramatically improved system throughput by 100%.’ PNC has immense application potential, including earth-to-space communications. The new communication paradigm brought forth by PNC has attracted much attention from researchers in the field of wireless communications and networking. To date, many international journals and academic workshops have been studying the new research outcomes of PNC.

A Hong Kong Success Story 

CUHK established The Institute of Network Coding (INC) in 2010 with a funding of over HK$80 million from the University Grants Committee. Led by Professor Yeung and others, the Institute conducts cutting-edge research on the theory of network coding and its various applications in Internet communications, wireless communications, information security, data storage and bioinformatics. Professor Yeung hopes to further enhance Hong Kong’s leading position in network coding, adding another chapter to this particular Hong Kong success story, and building in Hong Kong a world-leading network coding centre by maintaining a world-class research team with comprehensive expertise covering all areas of Network Coding. He also hopes in the long term the INC will continue to attract overseas investors to set up research institutes and to develop related industries in Hong Kong, which will have a positive impact on the local economy. 

‘Originated at CUHK, network coding theory has now been developed into an important research field. I am very honoured by this, and I hope our research results will bring significant impact to the world,’ said Prof. Yeung.

(from left) Prof. CHIU Dah-ming, Chairman, Department of Information Engineering; Prof. LIEW Soung-chang, Division Head of Information Engineering, and Co-Director of Institute of Network Coding; Prof. YEUNG Wai-ho Raymond, Choh-Ming Li Professor of Information Engineering, and Co-Director of Institute of Network Coding; Prof. TSANG Hon-ki, Chairman, Department of Electronic Engineering, CUHK

 
