Presentation is loading. Please wait.

Presentation is loading. Please wait.

Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University.

Similar presentations


Presentation on theme: "Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University."— Presentation transcript:

1 Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University

2 Roadmap Background Motivation & Findings Attacks Manipulation Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

3 Android Ecosystem Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

4 Android Clipboard Easy Access Powerful Capabilities Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

5 Roadmap Background Motivation & Findings Attacks Manipulation Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

6 Threat Model Assumption: Malicious app installed on the same device as the victim app; Categorized based on malicious behavior Manipulation Stealing Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

7 Findings Sample Collections Benign: ~ 16,000 from Google Play in July 2012 Malware: 3,987 from different resources Result Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29 1,

8 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

9 JavaScript Injection --- Mobile Browsers Attack Flow Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

10 JavaScript Injection --- Mobile Browsers Feasibility Study Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

11 JavaScript Injection --- Mobile Browsers Damage Study Session Hijacking Confused Deputy Integrity Compromise Privacy Leakage Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

12 JavaScript Injection --- Additional Channel Cross-site scripting (XSS) Attack One PhoneGap app with 1,000,000 installs Cross Origin Invocation Attack Android scheme mechanism Dropbox, Facebook Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

13 JavaScript Injection --- Dynamic Page Construction PhoneGap apps New platform Few security concerns No server side Manual Analysis Case study: Get It Done Task List Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

14 JavaScript Injection --- SQL-Type Code Injection How does it work? Observations: WebView component Patterned JS: pre-defined code + user input No scrutinizing Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

15 JavaScript Injection --- SQL-Type Code Injection JSGuard Based on Androguard 160 LOC written in python Challenges API Identification JS Pattern Identification Vulnerability Identification Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

16 JavaScript Injection --- SQL-Type Code Injection Result 16,000 apps, 42 hours, 20 sec/app 58% uses loadUrl() 9.4% with patterned JS Randomly selected 100 candidates, 2 vulnerable apps found Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

17 JavaScript Injection --- SQL-Type Code Injection Case Studies Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

18 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

19 Command Injection --- Android Terminals Categorization Remote Terminal Device Terminal Combined Terminal Systematic Study Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

20 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

21 Phishing Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

22 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

23 Stealing Functionality Demand The Risk Study Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

24 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

25 Discussion --- Potential Solutions User Perspective: Notification Developer Perspective: Permission Request System Perspective: Mandatory Access Control SEAndroid FlaskDroid Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

26 Discussion --- Related Work Desktop Clipboard Security Self-XSS, Clipboard Hijacking Similarity: Attack via Clipboard Difference: Platform Attack Efforts Attack Surface Solutions Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

27 Discussion --- Related Work Android Clipboard Security Generic vs. Specific System Vulnerabilities Privacy Protection Privilege Restriction Mandatory Access Control Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

28 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

29 Conclusion Android Clipboard Security Two groups of attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Data Leakage Future work Manual effort -> automization Potential solutions Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

30 Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29


Download ppt "Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University."

Similar presentations


Ads by Google