Presentation is loading. Please wait.

Presentation is loading. Please wait.

Xing Jin, Tongbo Luo, Derek G. Tsui, Wenliang Du Department of Electrical Engineering & Computer Science Syracuse University.

Similar presentations


Presentation on theme: "Xing Jin, Tongbo Luo, Derek G. Tsui, Wenliang Du Department of Electrical Engineering & Computer Science Syracuse University."— Presentation transcript:

1

2 Xing Jin, Tongbo Luo, Derek G. Tsui, Wenliang Du Department of Electrical Engineering & Computer Science Syracuse University.

3 (a) (c) (b)(d) (g)(f)(e)(h)

4 Outline BackGround Overview of HTML5-based Mobile App Overview of PhoneGap Architecture Risks in JavaScript Code Injection Attacks on HTML5-based mobile apps Overview of the Attack Channels of the Attack Examples (WIFI, NFC, MP3) Length limitation Real Vulnerable Cases Future Work

5 Overview of HTML5-based Mobile App PhoneGap Device Accelerometer Camera Compass Contacts File Geolocation Notification … WebView HTML CSS JavaScript X X addJavascriptInterface() Advantage: Can be easily ported between different platforms

6 Overview of PhoneGap Architecture

7 Risks in JavaScript Data and code can be mixed together. var text="Hello! alert('hello') "; document.write(text); Once it runs, the data will be displayed, and the JavaScript code will also be executed.

8 Overview of the Attack

9 3 1 2

10 Channels of XDS Attack ID Channels (WiFi, Bluetooth) Data Channels Unique to Mobile Devices (NFC, Barcode, SMS) Metadata Channels (MP3, MP4, Image)

11 Example 1(WiFi) Non PhoneGap WiFi-Finder PhoneGap WiFi-Finder

12 Example 2(NFC) Non PhoneGap NFC App PhoneGap NFC App

13 Example 3(mp3) PhoneGap Mp3 App Non PhoneGap Mp3 App

14 Length Limitation of Channels

15 Overcome the limitation Use External JS files: ( will be filter out by innerHTML) Split JS code into pieces: (need to use jQuery)

16 Real vulnerable cases Downloaded 764 PhoneGap apps from Google Play Find several vulnerable apps satisfy two attack conditions: read external data from the channels that we have identified use vulnerable APIs or attributes to display information from the channels

17 Real Vulnerable Cases Non PhoneGap App PhoneGap App Information sent to Sever

18 Real vulnerable Cases The code injected in the QR code

19 Future Work Large Scale analysis of HTML5-based mobile apps Solution to address the attack

20 Thanks! Q & A


Download ppt "Xing Jin, Tongbo Luo, Derek G. Tsui, Wenliang Du Department of Electrical Engineering & Computer Science Syracuse University."

Similar presentations


Ads by Google