Presentation is loading. Please wait.

Presentation is loading. Please wait.

Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University.

Published bySammy Borne Modified over 9 years ago

Similar presentations

Presentation on theme: "Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University."— Presentation transcript:

1 Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University

2 Roadmap Background Motivation & Findings Attacks Manipulation Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 1/29

3 Android Ecosystem Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 2/29

4 Android Clipboard Easy Access Powerful Capabilities Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 3/29

5 Roadmap Background Motivation & Findings Attacks Manipulation Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 4/29

6 Threat Model Assumption: Malicious app installed on the same device as the victim app; Categorized based on malicious behavior Manipulation Stealing Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 5/29

7 Findings Sample Collections Benign: ~ 16,000 from Google Play in July 2012 Malware: 3,987 from different resources Result Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 6/29 1,180860384

8 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 7/29

9 JavaScript Injection --- Mobile Browsers Attack Flow Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 8/29

10 JavaScript Injection --- Mobile Browsers Feasibility Study Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 9/29

11 JavaScript Injection --- Mobile Browsers Damage Study Session Hijacking Confused Deputy Integrity Compromise Privacy Leakage Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 10/29

12 JavaScript Injection --- Additional Channel Cross-site scripting (XSS) Attack One PhoneGap app with 1,000,000 installs Cross Origin Invocation Attack Android scheme mechanism Dropbox, Facebook Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 11/29

13 JavaScript Injection --- Dynamic Page Construction PhoneGap apps New platform Few security concerns No server side Manual Analysis Case study: Get It Done Task List Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 12/29

14 JavaScript Injection --- SQL-Type Code Injection How does it work? Observations: WebView component Patterned JS: pre-defined code + user input No scrutinizing Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 13/29

15 JavaScript Injection --- SQL-Type Code Injection JSGuard Based on Androguard 160 LOC written in python Challenges API Identification JS Pattern Identification Vulnerability Identification Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 14/29

16 JavaScript Injection --- SQL-Type Code Injection Result 16,000 apps, 42 hours, 20 sec/app 58% uses loadUrl() 9.4% with patterned JS Randomly selected 100 candidates, 2 vulnerable apps found Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 15/29

17 JavaScript Injection --- SQL-Type Code Injection Case Studies Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 16/29

18 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 17/29

19 Command Injection --- Android Terminals Categorization Remote Terminal Device Terminal Combined Terminal Systematic Study Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 18/29

20 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 19/29

21 Phishing Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 20/29

22 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 21/29

23 Stealing Functionality Demand The Risk Study Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 22/29

24 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 23/29

25 Discussion --- Potential Solutions User Perspective: Notification Developer Perspective: Permission Request System Perspective: Mandatory Access Control SEAndroid FlaskDroid Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 24/29

26 Discussion --- Related Work Desktop Clipboard Security Self-XSS, Clipboard Hijacking Similarity: Attack via Clipboard Difference: Platform Attack Efforts Attack Surface Solutions Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 25/29

27 Discussion --- Related Work Android Clipboard Security Generic vs. Specific System Vulnerabilities Privacy Protection Privilege Restriction Mandatory Access Control Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 26/29

28 Roadmap Background Motivation & Findings Attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Discussion Conclusion Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 27/29

29 Conclusion Android Clipboard Security Two groups of attacks Manipulation JavaScript Injection Command Injection Phishing Stealing Data Leakage Future work Manual effort -> automization Potential solutions Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 28/29

30 Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, 2014 29/29

Download ppt "Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University."

Similar presentations

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
My Alphabet Book abcdefghijklm nopqrstuvwxyz.

My Alphabet Book abcdefghijklm nopqrstuvwxyz.
0 - 0.

0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Addition Facts 1 - 20.

Addition Facts
Year 6 mental test 10 second questions

Year 6 mental test 10 second questions
2010 fotografiert von Jürgen Roßberg © 2009. Fr 1 Sa 2 So 3 Mo 4 Di 5 Mi 6 Do 7 Fr 8 Sa 9 So 10 Mo 11 Di 12 Mi 13 Do 14 Fr 15 Sa 16 So 17 Mo 18 Di 19.

2010 fotografiert von Jürgen Roßberg © Fr 1 Sa 2 So 3 Mo 4 Di 5 Mi 6 Do 7 Fr 8 Sa 9 So 10 Mo 11 Di 12 Mi 13 Do 14 Fr 15 Sa 16 So 17 Mo 18 Di 19.
Richmond House, Liverpool (1) 26 th January 2004.

Richmond House, Liverpool (1) 26 th January 2004.
REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.

REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Mobile Application Security.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Mobile Application Security.
1 The phone in the cloud Utilizing resources hosted anywhere Claes Nilsson.

1 The phone in the cloud Utilizing resources hosted anywhere Claes Nilsson.

Similar presentations

Ads by Google