Haohuang Wen

Postdoctoral Researcher
The Ohio State University


Email: wen DOT 423 AT osu DOT edu
Office: 252 Dreese Lab

About me

Hi there. I have received my Ph.D. degree in 2024 from the Department of Computer Science and Engineering of The Ohio State University, advised by Prof. Zhiqiang Lin. Before that, I earned my B.Eng. from South China University of Technology in 2018.

My current research interest is mobile and cellular network security. I design and develop modularized security services on top of the emerging Open Radio Access Network (O-RAN) architecture to make (5G and future G) cellular networks more secure and intelligent. Currently, I closely work with SRI International on the Security-Enhanced Radio Access Network (SE-RAN) project supported by the NSF 5G convergence accelerator program. Please visit our website: 5gsec.com for the most recent updates!

I spent three summers (2021-2023) as a security research intern at the computer science lab of SRI International, where I had the privilege to work with Vinod Yegneswaran and Phillip Porras on 5G security.

I am also interested in applying program analysis and reverse engineering to solve interesting security problems. I always love to design principled algorithms to analyze all kinds of application binaries (e.g., mobile applications, firmware binaries from embedded IoT systems and automobiles) and apply them to various security analysis tasks such as vulnerability detection and so on.

I actively maintain an open bibliography page for cellular security papers, projects, and resources on Github. Check here for details.


Research Interest

  • Cellular (5G) security ( [MobiFlow], [5G-Spector], [6G-XSec] ) and Privacy ( [RILDefender] )
  • Program analysis and its application for:

  • Publications

  • 6G-XSec: Explainable Edge Security for Emerging OpenRAN Architectures
    [pdf] [code] [demo video]

    Haohuang Wen, Prakhar Sharma, Vinod Yegneswaran, Phillip Porras, Ashish Gehani, and Zhiqiang Lin
    In the Twenty-Third ACM Workshop on Hot Topics in Networks (HotNets 2024)
    Irvine, CA, USA

  • BaseMirror: Automatic Reverse Engineering of Baseband Commands from Android’s Radio Interface Layer
    [pdf] [code]

    Wenqiang Li*, Haohuang Wen*, and Zhiqiang Lin (* indicates equal contribution)
    In proceedings of the 31st ACM Conference on Computer and Communications Security (CCS 2024)
    Salt Lake City, UT USA

  • 5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service
    [pdf] [slides] [code] [demo video]

    Haohuang Wen, Phillip Porras, Vinod Yegneswaran, Ashish Gehani, and Zhiqiang Lin
    In the Network and Distributed System Security Symposium 2024 (NDSS 2024)
    San Diego, CA, USA
    Distinguished Artifact Award (2 out of 38 submitted artifacts among 140 papers)

  • Thwarting Smartphone SMS Attacks at the Radio Interface Layer
    [pdf] [slides] [code]

    Haohuang Wen, Phillip Porras, Vinod Yegneswaran, and Zhiqiang Lin
    In the Network and Distributed System Security Symposium 2023 (NDSS 2023)
    San Diego, CA, USA

  • Egg Hunt in Tesla Infotainment: A First Look at Reverse Engineering of Qt Binaries
    [pdf] [slides] [code]

    Haohuang Wen, and Zhiqiang Lin
    In proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023)
    Anaheim, CA, USA

  • A Fine-Grained Telemetry Stream for Security Services in 5G Open Radio Access Networks
    [pdf]

    Haohuang Wen, Phillip Porras, Vinod Yegneswaran, and Zhiqiang Lin
    In Proceedings of the 1st Workshop on Emerging Topics in Wireless (EmergingWireless 2022)
    Rome, Italy

  • What You See is Not What You Get: Revealing Hidden Memory Mapping for Peripheral Modeling
    [pdf] [code]

    Jun Yeon Won, Haohuang Wen, and Zhiqiang Lin
    In Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022)
    Limassol, Cyprus

  • Replay (Far) Away: Exploiting and Fixing Google/Apple Exposure Notification Contact Tracing
    [pdf] [code]

    Christopher Ellis, Haohuang Wen, Zhiqiang Lin, and Anish Arora
    In Proceedings of the 29th Privacy Enhancing Technologies Symposium (PETS 2022)
    Sydney, Australia

  • FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities from Bare-Metal Firmware
    [pdf] [slides] [code]

    Haohuang Wen, Zhiqiang Lin, and Yinqian Zhang
    In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS 2020)

  • A Study of the Privacy of COVID-19 Contact Tracing Apps
    [pdf]

    Haohuang Wen, Qingchuan Zhao, Zhiqiang Lin, Dong Xuan, and Ness Shroff
    In Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm 2020)

  • On the Accuracy of Measured Proximity of Bluetooth-based Contact Tracing Apps
    [pdf]

    Qingchuan Zhao, Haohuang Wen, Zhiqiang Lin, Dong Xuan, and Ness Shroff
    In Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm 2020)

  • Automated Cross-Platform Reverse Engineering of CAN Bus Commands from Mobile Apps
    [pdf] [slides] [code]

    Haohuang Wen, Qingchuan Zhao, Qi Alfred Chen and Zhiqiang Lin
    In Proceedings of the Network and Distributed System Security Symposium (NDSS 2020)
    San Diego, CA, USA

  • Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT
    [pdf] [slides] [code]

    Haohuang Wen, Qi Alfred Chen and Zhiqiang Lin
    In Proceedings of the 29th USENIX Security Symposium (USENIX Security 2020)

  • Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps
    [pdf]

    Chaoshun Zuo, Haohuang Wen, Zhiqiang Lin and Yinqian Zhang
    In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS 2019)
    London, UK

  • An Empirical Study of SDK Credential Misuse in iOS Apps
    [pdf]

    Haohuang Wen, Juanru Li, Yuanyuan Zhang and Dawu Gu
    In Proceedings of 25th Asia-Pacific Software Engineering Conference (APSEC 2018)
    Nara, Japan

  • ParGen: A Parallel Method for Partitioning Data Stream Applications in Mobile Edge Computing
    [pdf]

    Haohuang Wen, Lei Yang and Zhenyu Wang
    IEEE Access 2018


  • Professional Service

  • Technical Program Committee (TPC) Members:
    • The ACM Conference on Computer and Communications Security (CCS): 25
    • Workshop on Security and Privacy of Next-Generation Networks (FutureG): 24
    • The ACM Web Conference (WWW): 24, 25
    • ACSAC Artifact Evaluation Committee: 19
  • Reviewer:
    • IEEE Transactions on Intelligent Transportation Systems: 24
    • IEEE Transactions on Mobile Computing (TMC): 24
    • International Conference on Security and Privacy in Communication Networks (SecureComm): 23
    • IEEE Security & Privacy Magazine: 22
    • IEEE Internet of Things Journal (IOT-J): 23
    • IEEE Communications Magazine: 23
  • External Reviewer: CCS (22, 20), IEEE S&P (24, 22, 21), USENIX Security (22, 21), NDSS (20, 19), ACSAC (22, 20, 19), DSN (22, 21, 20), ESORICS (22), SecureComm (19), DFRWS (20, 19), AutoSec (21)


  • Work Experience

  • Research intern at SRI InternationalMay 2023-Aug 2023

  • Graduate Teaching Assistant (CSE5474 Software Security) Spring 2023

  • Research intern at SRI InternationalMay 2022-Aug 2022

  • Research intern at SRI InternationalMay 2021-July 2021

  • Graduate Research AssistantAug 2018-Present

  • Software developer intern at TencentJuly 2017-Sep 2017