BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, Dongyan Xu. Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2020. (12/36) [BibTex][PDF][Demo][Talk]
Best Paper Award

BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy (BLE) Networks
Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, and Dongyan Xu. In Proceedings of 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2020. (31/121) [BibTex][PDF]

All your sessions are belong to us: Investigating authenticator leakage through backup channels on android
Guangdong Bai, Jun Sun, Jianliang Wu, Quanqi Ye, Li Li, Jin Song Dong, and Shanqing Guo. In 2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS), 2015. [BibTex][PDF]
Best Paper Award

PaddyFrog: systematically detecting confused deputy vulnerability in Android applications
Jianliang Wu, Tingting Cui, Tao Ban, Shanqing Guo, and Lizhen Cui. Security and Communication Networks (SCN), vol. 8 no. 13 (2015): 2338-2349. [BibTex][PDF]

Automatically Detecting Ssl Error-Handling Vulnerabilities in Hybrid Mobile Web Apps
Chaoshun Zuo, Jianliang Wu, and Shanqing Guo. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2015. [BibTex][PDF]

TrustFound: Towards a Formal Foundation for Model Checking Trusted Computing Platforms
Guangdong Bai, Jianan Hao, Jianliang Wu, Yang Liu, Zhenkai Liang, and Andrew Martin. In International Symposium on Formal Methods (FM), 2014. [BibTex][PDF]

Discovered CVEs

BLESA on iOS Bluetooth Low Energy CVE-2020-9770
News Report
[ZDNet] [Security Boulevard] [Threatpost] [AppleInsider] [ITSecurityWire] [Digital Information World] [Bitdefender] [Dazeinfo] [Tom’s Guide] [] [cnBeta] [安全内参] and many more.

Exploiting Cross-Transport Key Derivation between Bluetooth BR/EDR and BLE CVE-2020-15802