On SMS Phishing Tactics and Infrastructure
IEEE Symposium on Security and Privacy
Aleksandr Nahapetyan, Sathvik Prasad, Kevin Childs, Adam Oest, Yeganeh Ladwig, Alexandros Kapravelos, Bradley Reaves
We study over 67,000 SMS phishing messages and develop techniques to isolate campaigns and link campaigns to operations through shared infrastructure.
Diving into Robocall Content with SnorCall
USENIX Security Symposium
Sathvik Prasad, Trevor Dunlap, Alexander Ross, and Bradley Reaves
Research paper introducing SnorCall, a framework that scalably and efficiently extracts content from robocalls. SnorCall enables us to obtain first estimates on how prevalent different scam topics are, determine which organizations are referenced in these calls, estimate the average amounts solicited in scam calls, identify shared infrastructure between campaigns, and monitor the rise and fall of election-related political calls.
Diving into Robocall Content with SnorCall
USENIX ;Login: Magazine
Sathvik Prasad and Brad Reaves
Short article for practitioners where we provide insights from accurate, automated analysis of transcripts from 232,0000 robocalls. Based on our 2023 USENIX Security Research Paper
Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis
USENIX Security Symposium
Sathvik Prasad, Elijah Bouma-Sims, Athishay Kiran Mylappan, and Bradley Reaves
This research paper presents our first large-scale, longitudinal analysis of unsolicited calls to a honeypot of up to 66,606 lines over 11 months. We characterize long-term trends of unsolicited calls, develop the first techniques to measure voicemail spam and wangiri attacks, and identify unexplained high-volume call incidences. We use recorded call audio to cluster related calls into operational campaigns, allowing us to characterize how these campaigns use telephone numbers.
AuthentiCall: Efficient Identity and Content Authentication for Phone Calls
USENIX Security Symposium
Bradley Reaves, Logan Blue, Hadi Abdullah, Luis Vargas, Patrick Traynor, and Thomas Shrimpton
This research paper describes the design and evaluation of a prototype end-to-end cryptographic call authentication system that uses an out-of-band Internet channel to exchange identity and in-call integrity measurements.
AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels
USENIX Security Symposium
Bradley Reaves, Logan Blue, and Patrick Traynor
This research paper describes the design and evaluation of a prototype system that authenticates calls with an in-band cryptographic authentication protocol in the voice channel.
Sending Out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways
IEEE Symposium on Security and Privacy
Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin R. B. Butler
This research paper studies nearly 400,000 text messages sent to public online SMS gateways over the course of 14 months. We see services sending extremely sensitive plaintext data, services, implementing low entropy solutions for one-use codes, measure the prevalence of SMS spam, and show that public gateways are primarily used for evading account creation policies that require verified phone numbers.