Mingming Zha

Mingming Zha 查明明

I am a Ph.D. student in Computer Science at Indiana University Bloomington advised by Prof. XiaoFeng Wang.

My work has been published in top-tier security conferences (such as IEEE S&P, CCS, USENIX Security, and NDSS), and has generated real-world impact as countermeasures.

My main research interest is Mobile Security, Program Analysis, and AI Security. Here is my CV.

News

  • Mar 2022: Zoom awarded us $250 for discovering vulnerabilities in Zoom.

  • Jul 2021: Slack awarded us $1,000 for discovering vulnerabilities in Slack.

  • Jul 2021: Rocket.Chat acknowledged our reported vulnerability on Rocket.Chat.

  • May 2021: Cliq acknowledged our reported vulnerability and also gives us a bounty.

Education

09/2019 - now Indiana University, Ph.D. in Computer Science

09/2016 - 07/2019 Chinese Academy of Sciences, Master in Cyber Security

09/2012 - 07/2016 Beijing Jiaotong University, Bachelor in Information Security

Publications

[1] Yi Chen, Di Tang, Yepeng Yao, Mingming Zha, Xiaofeng Wang, Xiaozhong Liu, Haixu Tang, Baoxu Liu, "Sherlock on Specs: Building LTE Conformance Tests through Automated Reasoning", USENIX Security'23, 2023 (Accepted)

[2] Mingming Zha, Jice Wang, Yuhong Nan, Xiaofeng Wang, Yuqing Zhang, Zelin Yang, "Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems", NDSS'22, 2022. [PDF] [Demo]

[3] Han Liu, Zhiyuan Yu, Mingming Zha, XiaoFeng Wang, William Yeoh, Yevgeniy Vorobeychik, Ning Zhang, "When Evil Calls : Targeted Adversarial Voice over IP-Telephony Network", CCS'22, 2022. (Accepted)[Demo]

[4] Yi Chen, Di Tang, Yepeng Yao, Mingming Zha, Xiaofeng Wang, Xiaozhong Liu, Haixu Tang, Dongfang Zhao, "Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change Requests", USENIX Security '22, 2022 [PDF]

[5] Zhi Li, Weijie Liu, Hongbo Chen, Xiaofeng Wang, Xiaojing Liao, Luyi Xing, Mingming Zha, Hai Jin, Deqing Zou, "Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms", IEEE S&P'22, 2022 [PDF]

[6] Yi Chen, Mingming Zha, Nan Zhang, Dandan Xu, Qianqian Zhao, Xuan Feng, Kan Yuan, Ya Su, Yuan Tian, Kai Chen, Xiaofeng Wang, Wei Zou, "Demystifying Hidden Privacy Settings in Mobile Apps", IEEE S&P’19, 2019. [PDF]

[7] Mingming Zha, Guozhu Meng, Chaoyang Lin, Zhe Zhou and Kai Chen. "RoLMA: A Practical Adversarial Attack against Deep Learning-based LPR Systems", Inscrypt’19, 2019. [PDF]

[8] Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han, "Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews", CCS’17, 2017. [PDF] [Demo]

[9] Yeonjoon Lee, Tongxin Li, Nan Zhang, Soteris Demetriou, Mingming Zha, XiaoFeng Wang, Kai Chen, Xiaoyong Zhou, Xinhui Han and Michael Grace, "Ghost Installer in the Shadow: Security Analysis of App Installation on Android", DSN’17, 2017. [PDF]

[10] Mingming Zha, Wei Wang, "A system of monitoring and protecting Android privacy leakage", CTCIS’15 , 2015. (In Chinese) [PDF]

Keynote Talks

[1] 2022 the Network and Distributed System Security (NDSS) Symposium, "Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems", April 27, 2022 (NDSS 22)

[2] 2015 4th National Summit Forum on Network Security: A system of monitoring Android privacy leakage. (XDef 2015)

[3] 2015 9th Chinese Conference on Trusted Computing and Information Security (CTCIS 2015)