Abstract |
---|
App-based deception attacks are increasingly a problem on mobile devices and they are used to steal passwords, credit card numbers, text messages, etc. Current versions of Android are susceptible to these attacks. Recently, Bianchi et al. proposed a novel solution "What the App is That" that included a host-based system to identify apps to users via a security indicator and help assure them that their input goes to the identified apps [7]. Unfortunately, we found that the solution has a significant side channel vulnerability as well as susceptibility to click-jacking that allow non-privileged malware to completely compromise the defenses, and successfully steal passwords or other keyboard input. We discuss the vulnerabilities found, propose possible defenses, and then evaluate the defenses against different types of UI deception attacks. |

Year | DOI | Venue |
---|---|---|
2016 | 10.1007/978-3-662-54970-4_3 | Lecture Notes in Computer Science |

Field | DocType | Volume |
---|---|---|
Clickjacking, Internet privacy, Android (operating system), Computer security, Deception, Computer science, Credit card, Mobile device, Password, Side channel attack, Malware | Conference | 9603 |

ISSN | Citations | PageRank |
---|---|---|
0302-9743 | 1 | 0.35 |

References | Authors |
---|---|
0 | 7 |

Name | Order | Citations | PageRank |
---|---|---|---|
Earlence Fernandes | 1 | 341 | 23.81 |
Qi Chen | 2 | 261 | 24.99 |
Justin Paupore | 3 | 46 | 2.56 |
Georg Essl | 4 | 639 | 64.71 |
J. Alex Halderman | 5 | 2301 | 149.67 |
Zhuoqing Morley Mao | 6 | 5719 | 363.11 |
Atul Prakash | 7 | 1712 | 202.35 |