張克環(香港中文大學信息工程系助理教授)

研究方向

主要成就

1. Android系統安全漏洞研究據報導，港中大信息工程學系助理教授張克環領導的團隊，去年發現Android內置的語音助手系統存在安全漏洞，遂設計出一套名為“VoicEmployer”的惡意軟體，成功測試到黑客在未獲授權的情況下，能輕易繞過現有Android系統的數據保護機制，操控受密碼保護的手機，啟動Google語音搜尋並播放惡意語音指令，如任意撥號，還可以語音控制用戶的手機傳送惡意短訊、電郵，甚至查詢手機的語音電郵(voice mail)、行事曆、當前位置等數據。據統計，全球逾5億名用家受到影響。

代表論文

1. Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, Kehuan Zhang. When Good Becomes Evil: Keystroke Inference with Smartwatch. Accepted by ACM CCS'2015. To appear in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'2015). Denver, Colorado, US. October 12-16, 2015. Accepted rate 19.8% (128/646).
2. Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang and Zhou Li. Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections. Accepted. To appear in proceedings of the 20th European Symposium on Researchh in Computer Security (ESORICS’2015). Sept 21-25, 2015. Vienna, Austria. Acceptance rate 19.79% (58/293)
3. Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, Kehuan Zhang. An Empirical Study on Android for Saving Non-shared Data on Public Storage. Accepted, to appear in the 30th IFIP International Information Security and Privacy Conference (IFIP SEC’2015). Hamburg, Germany. May 26-28, 2015.
4. Zhe Zhou, Wenrui Diao, Xiangyu Liu and Kehuan Zhang. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. Accepted by the 21st ACM Conference on Computer and Communications Security (CCS'2014), Scottsdale, Arizona, USA. November 3-7, 2014. Acceptance Rate: 19% (114/585).
5. Wenrui Diao, Xiangyu Liu, Zhe Zhou and Kehuan Zhang. Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone. Accepted by the 4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM'2014). Scottsdale, Arizona, USA, November 3-7, 2014. Our preview has get wide media coverages according to Google search: https://www.google.com.hk/search?q=Android+GVS+attack Please click here to download the preview version.
6. Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, XiaoFeng Wang, Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising. The 19th ACM Conference on Computer and Communications Security (CCS’12), Raleigh, North Carolina, Oct. 2012.
7. Kehuan Zhang , Xiaoyong Zhou, Yangyi Chen, XiaoFeng Wang, Yaoping Ruan. Sedic:Privacy-Aware Data Intensive Computing on Hybrid Clouds. In Proceedings of 18th ACM Conference on Computer and Communications Security (CCS'11).October 17-21, 2011, Chicago, Illinois, USA. Acceptance Rate: 14% (60/429).
8. Roman Schlegel, Kehuan Zhang , Xiaoyong Zhou, MehoolIntwala, Apu Kapadia, and XiaoFeng Wang, "Soundcomber: A Stealthy andContext-Aware Sound Trojan for Smartphones", In Proceedings of the 18thAnnual Network & Distributed System Security Symposium (NDSS '11), pp.17-33, San Diego, CA, February 6-9, 2011. USA. Acceptance Rate: 20% (28/139).
9. Kehuan Zhang , Zhou Li, Rui Wang, XiaoFeng Wang and Shuo Chen.Sidebuster: Automated Detection and Quantification of Side-Channel Leaksin Web Application Development. 17th ACM Conference on Computer andCommunications Security (CCS'2010). Oct 2010, Chicago, IL, USA. Acceptance Rate: 17% (55/320)
10. Shuo Chen, Rui Wang, Xiaofeng Wang and Kehuan Zhang .Side-Channel Leaks in Web Applications: a Reality Today, a ChallengeTomorrow. The 31st IEEE Security and Privacy Symposium, OaklandCalifornia, USA, 2010. Acceptance Rate: 11%(26/237) 2011 runner-up award for Outstanding Research in Privacy Enhancing Technologies.
11. Zhou Li, Kehuan Zhang , XiaofengWang. Mash-IF: PracticalInformation-Flow Control within Client-side Mashups. The 40th DependableSystems and Networks (DSN 2010), Chicago, Illinois, USA.
12. Kehuan Zhang , Xiaofeng Wang. Peeping Tom in the Neighborhood:Keystroke Eavesdropping on Multi-User Systems. USENIX SecuritySymposium, August, Montreal, Canada, 2009. Acceptance Rate: 14.8% (26/176)
13. Rui Wang, XiaoFeng Wang, Kehuan Zhang and Zhuowei Li. Towardsautomatic reverse engineering of software security configurations.Proceedings of the 15th ACM conference on Computer and communicationssecurity (CCS' 08), pp245-256, Oct 2008. Acceptance Rate: 18%(51/281) [*First three authors are listed in alphabetical order].