Qingchuan Zhao


Assistant Professor
Department of Computer Science
City University of Hong Kong

Office: Y6427, Yeung Kin Man Academic Building (AC1)
Phone: +852 3442 8617
Email: cs DOT qczhao AT cityu DOT edu.hk

About Me

I am an Assistant Professor at the Department of Computer Science at the City University of Hong Kong. I received my Ph.D. degree from The Ohio State University supervised by Professor Zhiqiang Lin, Master's degree from the University of Florida, and Bachelor's degree from South China University of Technology. My primary research interests are on vulnerability discovery (in mobile apps, cloud, and IoT) and automated reverse engineering.

RA/Ph.D./Postdoc Positions Available: I am seeking self-motivated students with strong interests in security and privacy. If interested, please email me your CV and study plan. Those with no prior research experience or papers published/accepted are highly recommended to apply for the RA position.

Selected Awards

  • ACM SIGSOFT Distinguished Paper Award, 46th International Conference on Software Engineering (ICSE) 2024

Publications

Authors with "_" is the student under my supervision; ˆ indicates equal contribution; * indicates the corresponding author.
2024
  • [IEEE S&P'24] AVA: Inconspicuous Attribute Variation-based Adversarial Attack bypassing DeepFake Detection
    Xiangtao Meng, Li Wang, Shanqing Guo, Lei Ju, Qingchuan Zhao
    In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 2024.

  • [ICSE'24] Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps [pdf] [bib]
    Yongliang Chen, Ruoqin Tang, Chaoshun Zuo, Xiaokuan Zhang, Lei Xue, Xiapu Luo, Qingchuan Zhao
    In Proceedings of 46th ACM/IEEE International Conference on Software Engineering, Lisbon, Portugal, April 2024.
    ACM SIGSOFT Distinguished Paper Award

  • [ICSE'24] DEMISTIFY: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps [pdf] [bib]
    Pengcheng Ren, Chaoshun Zuo, Xiaofeng Liu, Wenrui Diao, Qingchuan Zhao*, Shanqing Guo*
    In Proceedings of 46th ACM/IEEE International Conference on Software Engineering, Lisbon, Portugal, April 2024.
2023
  • [CCS'23] Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel [pdf] [bib]
    Tao Ni, Xiaokuan Zhang, Qingchuan Zhao*
    In Proceedings of the 30th ACM Conference on Computer and Communications Security, Copenhagen, Denmark, Nov. 2023.

  • [MobiCom'23] XPorter: A Study of the Multi-Port Charger Security on Privacy Leakage and Voice Injection [pdf] [bib]
    Tao Ni, Yongliang Chen, Weitao Xu, Lei Xue, Qingchuan Zhao*
    In Proceedings of the 29th Annual International Conference on Mobile Computing and Networking, Madrid, Spain, Oct. 2023.

  • [MobiCom'23] Exploiting Contactless Side Channels in Wireless Charging Power Banks for User Privacy Inference via Few-shot Learning [pdf] [bib]
    Tao Ni, Jianfeng Li, Xiaokuan Zhang, Chaoshun Zuo, Wubing Wang, Weitao Xu, Xiapu Luo, Qingchuan Zhao*
    In Proceedings of the 29th Annual International Conference on Mobile Computing and Networking, Madrid, Spain, Oct. 2023.

  • [Security'23] Eavesdropping Mobile App Activity via Radio Frequency Energy Harvesting [pdf] [bib]
    Tao Ni, Guohao Lan, Jia Zhang, Qingchuan Zhao, and Weitao Xu*
    In Proceedings of the 32nd USENIX Security Symposium, Anaheim, CA, USA, Aug. 2023.

  • [SIGMETRICS'23] Detecting and Measuring Aggressive Location Harvesting in Mobile Apps via Data-flow Path Embedding [pdf] [bib]
    Haoran Lu^, Qingchuan Zhao^, Yongliang Chen, Xiaojing Liao, and Zhiqiang Lin
    In Proceedings of the ACM on Measurement and Analysis of Computing Systems (POMACS), Orlando, FL, USA, June 2023.

  • [IEEE S&P'23] Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels [pdf] [bib]
    Tao Ni, Xiaokuan Zhang, Chaoshun Zuo, Jianfeng Li, Zhenyu Yan, Wubing Wang, Weitao Xu, Xiapu Luo, and Qingchuan Zhao
    In Proceedings of the 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 2023.
2022
  • [SecureComm'22] No-Fuzz: Efficient Anti-fuzzing Techniques [pdf] [bib]
    Zhengxiang Zhou, Cong Wang, Qingchuan Zhao
    In Proceedings of the 18th International Conference on Security and Privacy in Communication Networks, Kansas City, Missouri, USA, Oct 2022.

  • [AsiaCCS'22] PeriScope: Comprehensive Vulnerability Analysis of Mobile App-defined Bluetooth Peripherals [pdf] [bib]
    Qingchuan Zhao, Chaoshun Zuo, Jorge Blasco, Zhiqiang Lin
    In Proceedings of the 17th ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, June 2022.
2021 and before
  • [SecureComm'20] On the Accuracy of Measured Proximity of Bluetooth-based Contact Tracing Apps (short paper) [pdf] [bib]
    Qingchuan Zhao, Haohuang Wen, Zhiqiang Lin, Dong Xuan, Ness Shroff
    In Proceedings of the 16th International Conference on Security and Privacy in Communication Networks, Washington DC, USA, Oct 2020.

  • [SecureComm'20] A Study of the Privacy of COVID-19 Contact Tracing Apps [pdf] [bib]
    Haohuang Wen, Qingchuan Zhao, Zhiqiang Lin, Dong Xuan, Ness Shroff
    In Proceedings of the 16th International Conference on Security and Privacy in Communication Networks, Washington DC, USA, Oct 2020.

  • [Security'20] FirmScope: Automatic Uncovering of Privilege-Escalation Vulnerabilitiesin Pre-Installed Apps in Android Firmware [pdf] [bib]
    Mohamed Elsabagh, Ryan Johnson, Angelos Stavrou, Chaoshun Zuo, Qingchuan Zhao, and Zhiqiang Lin
    In Proceedings of the 29th USENIX Security Symposium, Santa Clara, CA, USA, August 2020.

  • [IEEE S&P'20] Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps [pdf] [bib]
    Qingchuan Zhao, Chaoshun Zuo, Dolan-Gavitt Brendan, Giancarlo Pellegrino, Zhiqiang Lin
    In Proceedings of the 41st IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 2020.

  • [NDSS'20] Automated Cross-Platform Reverse Engineering of CAN Bus Commands from Mobile Apps [pdf] [bib]
    Haohuang Wen, Qingchuan Zhao, Qi Alfred Chen, Zhiqiang Lin
    In Proceedings of the 27th ISOC Network and Distributed System Security Symposium, San Diego, CA, USA, Feb 2020.

  • [DSN'19] Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users [pdf] [bib]
    Jiongyi Chen, Chaoshun Zuo, Wenrui Diao, Shuaike Dong, Qingchuan Zhao, Menghan Sun, Zhiqiang Lin, Yinqian Zhang, Kehuan Zhang
    In Proceedings of the 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Portland, Oregon, USA, Jun 2019.

  • [NDSS'19] Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services [pdf] [bib]
    Qingchuan Zhao, Chaoshun Zuo, Giancarlo Pellegrino, Zhiqiang Lin
    In Proceedings of the 26th ISOC Network and Distributed System Security Symposium, San Diego, CA, USA, Feb 2019.

  • [NDSS'18] IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing [pdf] [bib]
    Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, Kehuan Zhang
    In Proceedings of the 25th ISOC Network and Distributed System Security Symposium, San Diego, CA, USA, Feb 2018.

  • [CCS'17] AuthScope: Towards Automatic Discovery of Vulnerable Authorizations in Online Services [pdf] [bib]
    Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin
    In Proceedings of the 24th ACM Conference on Computer and Communications Security, Dallas, Texas, USA, Oct 2017.

  • [CODASPY'17] PT-CFI: Transparent Backward-Edge Control Flow Violation Detection Using Intel Processor Trace [pdf] [bib]
    Guofei Gu, Qingchuan Zhao, Yinqian Zhang, Zhiqiang Lin
    In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, Scottsdale, Arizona. March 2017

Professional Services

Conference Organization
  • Local organization co-chair: International Symposium on Research in Attacks, Intrusions and Defenses (RAID) 2023
Technical Program Committee (TPC) Member
  • ACM Conference on Computer and Communications Security (CCS) 2024
  • USENIX Security Symposium (Security) 2024
  • IEEE European Symposium on Security and Privacy (Euro S&P) 2024
  • International Symposium on Research in Attacks, Intrusions and Defenses (RAID) 2023-24
  • IEEE International Conference on Distributed Computing Systems (ICDSC) 2022-24
  • EAI International Conference on Security and Privacy in Communication Networks (SecureComm) 2022-24
  • ACM ASIA Conference on Computer and Communications Security (ASIACCS) 2021
  • International Conference on Information and Communications Security (ICICS) 2021-24
Reviewer
  • ACM The Web Conference (TheWebConf, formerly WWW) 2024
  • IEEE Transactions on Dependable and Secure Computing (TDSC) 2020-23

Grant

  • "Contactless Side Channels on Mobile Wireless Charging: Exploration and Mitigation", ECS, PI 2023.09-2026.08
  • "Enabling Metadata-private and Accountable Networks at Scale", CRF, Co-PI 2023.06-2026.05
  • "Identifying Vulnerability and Privacy Violation in Mobile Apps via Code Embedding", Start-up, PI 2022.02-2024.02

Teaching

  • CS 4293: Topics in Cybersecurity Semester B, 2021-24
  • CS 4394: Information Security and Management Semester A, 2021-24
  • CS 5293: Topics on Information Security Semester B, 2021-22,24
  • CS 5294: Information Security Technology Management Semester A, 2022-23