Presentation is loading. Please wait.

Presentation is loading. Please wait.

WHAT THE APP IS THAT? DECEPTION AND COUNTERMEASURES IN THE ANDROID USER INTERFACE.

Published byNathan McCoy Modified over 8 years ago

Similar presentations

Presentation on theme: "WHAT THE APP IS THAT? DECEPTION AND COUNTERMEASURES IN THE ANDROID USER INTERFACE."— Presentation transcript:

1 WHAT THE APP IS THAT? DECEPTION AND COUNTERMEASURES IN THE ANDROID USER INTERFACE

2 BACKGROUND Many users now trust their mobile devices to perform tasks, such as mobile banking or shopping, through mobile applications.

3 BACKGROUND

4 GUI CONFUSION ATTACK EXAMPLE

5 WHY IS IT POSSIBLE TO MOUNT GUI ATTACK No trusted way to know which app user is interact with No graphic separation Combination of powerful APIs

6 WHAT THIS PAPER BROUGHT TO US State exploration of android API: how this API can be used to mount GUI confusion attack Detect via static analysis (tool for static analysis) UI defense (installed in phone) Evaluation

7 WHAT CAN BE USED TO MOUNT ATTACK

8 DRAW ON TOP Draw graphical elements over other apps Open new Windows using the addView API Normally need SYSTEM_ALERT_WINDOW permission to draw on top Toast need no permission

9 WHAT CAN BE USED TO MOUNT ATTACK

10 ENHANCING TECHNIQUES Techniques to detect how the user is currently interacting with the system Reading the system log getRunningTasks API /proc/ /cgroups Techniques to create graphical elements mimicking already existing ones: Reverse engineering Repackaging

11 DETECT VIA STATIC ANALYSIS At market level: Using automated tool to identify possible malicious application that can perform GUI-confusion attack

12 APP CLASSIFICATION 1.The app uses a technique to get information about the device state. 2.The app uses a direct attack vector (any of the techniques in the Draw on top, App Switch, Full screen categories) 3.There is a path in the call graph of the app where Condition 1 (check on the running apps) happens, and then Condition 2 (the attack vector) happens.

13 EVALUATION

14 UI DEFENSE Problem: What is the author of this app? Which app user is current interacting with? Solution: Use the similar way of modern browser presents a critical (i.e., banking) website

15 3 STEPS 1.Which app is the user interacting with? Top activity: Accessing information about the Activity stack (ActivityManager Service ) 2.Identify where this app from 3.Conveying trust information to the user

16 IDENTIFY WHERE THIS APP FROM Rely on the Extended- Validation HTTPS infrastructure to validate it Associates apps with domain names make a /app_signers.txt file available on the website

17 CONVEYING TRUST INFORMATION TO THE USER Show message on navigation bar Green box shows the author of this app Secret image shows it is validated by our system

18 EVALUATION Group1: Original Android Group2: on-device defense unaware of attacks no additional training Group3: on-device defense aware of attacks additional training 2.02% 53.76% 56.90% Task : Open Facebook app multiple times, randomly performed attacks by team, trying to identify if they are interact with original Facebook app.

19 CRITICISM Static analysis tool: Need manually analyze UI defense: Device with real navigation bar No way to identify benign apps without SSL certificate The indicator influences the original GUI design

20 CRITICISM Modification of android system Limit the functionalities Provide a safe mode for banking applications

21 QUESTIONS?

Download ppt "WHAT THE APP IS THAT? DECEPTION AND COUNTERMEASURES IN THE ANDROID USER INTERFACE."

Similar presentations

MARKETPLACE TRANSITION FROM CLASSIC INTERFACE TO PHOENIX INTERFACE.

MARKETPLACE TRANSITION FROM CLASSIC INTERFACE TO PHOENIX INTERFACE.
Why Eve & Mallory Love Android

Why Eve & Mallory Love Android
Cross Platform UI testing using Sikuli

Cross Platform UI testing using Sikuli
Talent Slate Mobile LMS Manual Club Name. Install the Talent Slate App on your Device Search for “Talent Slate” in the app store of your device and install.

Talent Slate Mobile LMS Manual Club Name. Install the Talent Slate App on your Device Search for “Talent Slate” in the app store of your device and install.
Sagecrm.com/7.2 Introducing Sage CRM 7.2 Mark Green Business Consultant Pinnacle.

Sagecrm.com/7.2 Introducing Sage CRM 7.2 Mark Green Business Consultant Pinnacle.
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.
QGIS Matthew Rosencrans Tom DiLiberto. Outline What is QGIS? What can we do with it? What data can we work with?

QGIS Matthew Rosencrans Tom DiLiberto. Outline What is QGIS? What can we do with it? What data can we work with?
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Chapter 1: Voilà! Meet the Android. Smartphones –Can browse the Web –Allow you to play games –Use business applications –Check e-mail –Play music –Record.

Chapter 1: Voilà! Meet the Android. Smartphones –Can browse the Web –Allow you to play games –Use business applications –Check –Play music –Record.
CIS 116SUNY Ulster Chapter L5 – The GUI Karl Wick.

CIS 116SUNY Ulster Chapter L5 – The GUI Karl Wick.
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영 2015. 04. 21.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영
Characteristic Studies of User- Perceived Information in Security Analysis Wei Yang Univ. of Illinois.

Characteristic Studies of User- Perceived Information in Security Analysis Wei Yang Univ. of Illinois.
APKInspector -Static Analysis of Android Applications Student: Yuan Tian Mentor: Cong Zheng Backup Mentor: Anthony Kara Jianwei 08/22/2012.

APKInspector -Static Analysis of Android Applications Student: Yuan Tian Mentor: Cong Zheng Backup Mentor: Anthony Kara Jianwei 08/22/2012.
Zscaler New Interface and Reporting From Saturday 8 th June 2013.

Zscaler New Interface and Reporting From Saturday 8 th June 2013.
Introduction www.kalmstrom.com With TimeCard users can tag SharePoint events with information that converts them into time sheets. This way they can report.

Introduction With TimeCard users can tag SharePoint events with information that converts them into time sheets. This way they can report.
An Empirical Study of Visual Security Cues to Prevent the SSLstripping Attack Dongwan Shin and Rodrigo Lopes In Proc. 27 th Annual Computer Security Applications.

An Empirical Study of Visual Security Cues to Prevent the SSLstripping Attack Dongwan Shin and Rodrigo Lopes In Proc. 27 th Annual Computer Security Applications.
National Center for Supercomputing Applications NCSA OPIE Presentation November 2000.

National Center for Supercomputing Applications NCSA OPIE Presentation November 2000.
Effective Real-time Android Application Auditing

Effective Real-time Android Application Auditing
Implementation In this presentation… –Methodology –Software Development Life Cycle.

Implementation In this presentation… –Methodology –Software Development Life Cycle.
ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

Similar presentations

Ads by Google