Cybersecurity and Privacy at Khoury College of Computer Sciences

eSIM (Embedded Subscriber Identity Module) technology is rapidly reshaping mobile connectivity by enabling users to activate cellular services without a physical SIM card. While the flexibility of remote provisioning improves convenience and scalability, particularly for international travelers, it also introduces complex and underexplored privacy and security risks. This paper presents an empirical investigation of how eSIM adoption affects user privacy, focusing on routing transparency, reseller access, and profile control. We first show how travel eSIMs often route user data through third-party networks, including Chinese infrastructure, regardless of user location. This raises concerns about jurisdictional exposure. Second, we analyze the implications of opaque provisioning workflows, documenting how resellers can access sensitive user data, proactively communicate with devices, and assign public IPs without user awareness. Third, we validate operational risks such as deletion failures and profile lock-in using a private LTE testbed. In addition to these empirical contributions, we reflect on the evolving threat landscape of eSIM technology and analyze the shifting trust boundaries introduced by its global provisioning architecture. We conclude with actionable recommendations for improving eSIM transparency, user control, and regulatory enforcement as the technology becomes widespread across smartphones, IoT deployments, and private networks.

Social robots are emerging consumer devices that promise sophisticated AI capabilities and emotional interaction. This study examines how four commercial social robots communicate their features to consumers and whether they deliver on these promises. We analyzed manufacturer claims against user experiences and reviews, finding significant variation in how robots advertise intelligent features and how consumers perceive their performance and capabilities. The findings reveal unique consumer risks associated with social robots and offer implications for regulators, developers, and researchers.

Single Sign-On (SSO) lets user log into multiple websites using just one username and password, making things easier for users but harder for developers to implement securely. Many websites now use third-party “broker” services to handle this SSO process for them – in fact, about 25% of websites with SSO rely on these brokers. However, researchers found serious security problems with this approach: brokers often don’t properly check where users are being redirected (allowing hackers to inject malicious code), sometimes give unauthorized access to user data (leading to account takeovers), and frequently ignore basic security rules. The study discovered vulnerabilities in over 50 broker services that put more than 2,000 websites at risk, suggesting this is a widespread problem that needs immediate attention to protect users’ online accounts.

Retrieval-Augmented Generation (RAG) enables Large Language Models (LLMs) to generate grounded responses by leveraging external knowledge databases without altering model parameters. Although the absence of weight tuning prevents leakage via model parameters, it introduces the risk of inference adversaries exploiting retrieved documents in the model’s context. Existing methods for membership inference and data extraction often rely on jailbreaking or carefully crafted unnatural queries, which can be easily detected or thwarted with query rewriting techniques common in RAG systems. In this work, we present Interrogation Attack (IA), a membership inference technique targeting documents in the RAG datastore. By crafting natural-text queries that are answerable only with the target document’s presence, our approach demonstrates successful inference with just 30 queries while remaining stealthy; straightforward detectors identify adversarial prompts from existing methods up to ~76x more frequently than those generated by our attack. We observe a 2x improvement in TPR@1%FPR over prior inference attacks across diverse RAG configurations, all while costing less than $0.02 per document inference.

Researchers studied ad transparency systems (ATSs) on 22 popular websites to understand how they inform users about targeted advertising. We found major differences in what information platforms provide and how they present it, with consistent ambiguity about data usage and settings impact across all platforms. In a user study with 198 participants exploring eight representative ATSs, we found that current systems are both overly complex and lacking key details, leaving many user questions unanswered. We identify specific design decisions that better support users.

This research examines how Maximal Extractable Value (MEV) – exploitative practices that extract profit from blockchain transactions – operates across Ethereum and its Layer-2 rollup solutions like Arbitrum, Optimism, and zkSync. While rollups were designed to reduce transaction costs compared to Ethereum’s main network, they lack public mempools, which changes how MEV extraction works compared to traditional blockchain environments.

The study analyzed nearly three years of data and found that MEV activity is widespread on rollups with trading volumes similar to Ethereum, though the profits are significantly lower despite reduced costs. Interestingly, while traditional sandwich attacks weren’t detected on popular rollups, the researchers identified a new threat: cross-layer sandwich attacks that exploit transactions moving between rollups and Ethereum. They propose three novel attack methods and estimate that attackers could have already profited approximately $2 million through these cross-layer exploits, highlighting new security challenges as decentralized finance expands across multiple blockchain layers.