About me
Hi there. I am now a Ph.D. candidate from the Department of Computer Science and Engineering of the Ohio State University. My advisor is professor Zhiqiang Lin. I earned my bachelor degree from South China University of Technology in 2018. I am honored to be a member of the SecLab at OSU.
My research interest focuses on program analysis and reverse engineering in general. I always love to design principled algorithms to analyze all kinds of application binaries (e.g., mobile apps, firmware binaries from embedded IoT systems and automobiles) and apply them to various security analysis tasks such as vulnerability detection, software debloating, etc.
I spent two summers (2021 and 2022) as a security research intern at SRI International, where I worked on 5G security under the supervision of Vinod Yegneswaran and Phillip Porras. My current research focus is to develop innovative security services for the 5G software-defined edge (e.g., user equipment and radio access network).
Research Interest
Program analysis
Mobile security and privacy (contact tracing for COVID-19
[SecureComm1],
[SecureComm2],
[GAEN+]
)
IoT security and privacy (
[BLEScope],
[FirmXRay],
[AutoMap]
)
Vehicle security (
[DongleScope],
[CANHunter],
[QtRE]
)
Cellular security for user equipments ([RILDefender])
and 5G Open Radio Access Network ([EW22])
Publications
Thwarting Smartphone SMS Attacks at the Radio Interface Layer
[pdf]
Haohuang Wen, Phillip Porras, Vinod Yegneswaran, and Zhiqiang Lin
To appear in the Network and Distributed System Security Symposium 2023 (NDSS 2023)
San Diego, CA, USA
Egg Hunt in Tesla Infotainment: A First Look at Reverse Engineering of Qt Binaries
[pdf]
Haohuang Wen, and Zhiqiang Lin
To appear in proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023)
Anaheim, CA, USA
A Fine-Grained Telemetry Stream for Security Services in 5G Open Radio Access Networks
[pdf]
Haohuang Wen, Phillip Porras, Vinod Yegneswaran, and Zhiqiang Lin
In Proceedings of the 1st Workshop on Emerging Topics in Wireless (EmergingWireless 2022)
Rome, Italy
What You See is Not What You Get: Revealing Hidden Memory Mapping for Peripheral Modeling
[pdf]
Jun Yeon Won, Haohuang Wen, and Zhiqiang Lin
In Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022)
Limassol, Cyprus
Replay (Far) Away: Exploiting and Fixing Google/Apple Exposure Notification Contact Tracing
[pdf]
Christopher Ellis, Haohuang Wen, Zhiqiang Lin, and Anish Arora
In Proceedings of the 29th Privacy Enhancing Technologies Symposium (PETS 2022)
Sydney, Australia
FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities from Bare-Metal Firmware
[pdf]
Haohuang Wen, Zhiqiang Lin, and Yinqian Zhang
In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS 2020)
A Study of the Privacy of COVID-19 Contact Tracing Apps
[pdf]
Haohuang Wen, Qingchuan Zhao, Zhiqiang Lin, Dong Xuan, and Ness Shroff
In Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm 2020)
On the Accuracy of Measured Proximity of Bluetooth-based Contact Tracing Apps
[pdf]
Qingchuan Zhao, Haohuang Wen, Zhiqiang Lin, Dong Xuan, and Ness Shroff
In Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm 2020)
Automated Cross-Platform Reverse Engineering of CAN Bus Commands from Mobile Apps
[pdf]
Haohuang Wen, Qingchuan Zhao, Qi Alfred Chen and Zhiqiang Lin
In Proceedings of the Network and Distributed System Security Symposium (NDSS 2020)
San Diego, CA, USA
Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT
[pdf]
Haohuang Wen, Qi Alfred Chen and Zhiqiang Lin
In Proceedings of the 29th USENIX Security Symposium (USENIX Security 2020)
Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps
[pdf]
Chaoshun Zuo, Haohuang Wen, Zhiqiang Lin and Yinqian Zhang
In Proceedings of the 35th Annual Computer Security Applications Conference (CCS 2019)
London, UK
An Empirical Study of SDK Credential Misuse in iOS Apps
[pdf]
Haohuang Wen, Juanru Li, Yuanyuan Zhang and Dawu Gu
In Proceedings of 25th Asia-Pacific Software Engineering Conference (APSEC 2018)
Nara, Japan
ParGen: A Parallel Method for Partitioning Data Stream Applications in Mobile Edge Computing
[pdf]
Haohuang Wen, Lei Yang and Zhenyu Wang
IEEE Access 2018
Work Experience
Graduate Teaching Assistant (CSE5474 Software Security) Spring 2023
Graduate Research AssistantAug 2018-Present
Software developer intern at TencentJuly 2017-Sep 2017
Research intern at SRI International (focused on UE security)May 2021-July 2021
Research intern at SRI International (focused on 5G RAN security)May 2022-Aug 2022