attacks on android clipboard dimva 11 th | july 10-11, 2014
DESCRIPTION
Attacks on Android Clipboard DIMVA 11 th | July 10-11, 2014. Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University. Roadmap. Background Motivation & Findings Attacks Manipulation Stealing Discussion Conclusion. - PowerPoint PPT PresentationTRANSCRIPT
Attacks on Android ClipboardDIMVA 11th | July 10-11, 2014
Xiao Zhang and Wenliang Du
<xzhang35, wedu @syr.edu>
Dept. of Electrical Engineering & Computer Science
Syracuse University
Roadmap
BackgroundMotivation & FindingsAttacks
ManipulationStealing
DiscussionConclusion
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 1/29
Android Ecosystem
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 2/29
Android Clipboard
Easy Access
Powerful Capabilities
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 3/29
Roadmap
BackgroundMotivation & FindingsAttacks
ManipulationStealing
DiscussionConclusion
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 4/29
Threat Model
Assumption: Malicious app installed on the same device as the victim app;
Categorized based on malicious behaviorManipulationStealing
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 5/29
Findings
Sample CollectionsBenign: ~ 16,000 from Google Play in July 2012Malware: 3,987 from different resources
Result
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 6/29
1,180
8 60 384
Roadmap
BackgroundMotivation & FindingsAttacks
Manipulation JavaScript Injection Command Injection Phishing
StealingDiscussionConclusion
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 7/29
JavaScript Injection --- Mobile Browsers
Attack Flow
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 8/29
JavaScript Injection --- Mobile Browsers
Feasibility Study
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 9/29
JavaScript Injection --- Mobile Browsers
Damage StudySession HijackingConfused DeputyIntegrity CompromisePrivacy Leakage
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 10/29
JavaScript Injection --- Additional Channel
Cross-site scripting (XSS) AttackOne PhoneGap app with 1,000,000 installs
Cross Origin Invocation AttackAndroid scheme mechanismDropbox, Facebook
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 11/29
JavaScript Injection --- Dynamic Page Construction
PhoneGap appsNew platformFew security concerns
No server sideManual AnalysisCase study: Get It Done Task List
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 12/29
JavaScript Injection --- SQL-Type Code Injection
How does it work?
Observations:WebView componentPatterned JS: pre-defined code + user inputNo scrutinizing
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 13/29
JavaScript Injection --- SQL-Type Code Injection
JSGuard Based on Androguard 160 LOC written in python
Challenges API Identification JS Pattern Identification Vulnerability Identification
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 14/29
JavaScript Injection --- SQL-Type Code Injection
Result16,000 apps, 42 hours, 20 sec/app58% uses loadUrl()9.4% with patterned JSRandomly selected 100 candidates, 2 vulnerable apps found
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 15/29
JavaScript Injection --- SQL-Type Code Injection
Case Studies
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 16/29
Roadmap
BackgroundMotivation & FindingsAttacks
Manipulation JavaScript Injection Command Injection Phishing
StealingDiscussionConclusion
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 17/29
Command Injection --- Android Terminals
CategorizationRemote TerminalDevice TerminalCombined Terminal
Systematic Study
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 18/29
Roadmap
BackgroundMotivation & FindingsAttacks
Manipulation JavaScript Injection Command Injection Phishing
StealingDiscussionConclusion
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 19/29
Phishing
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 20/29
Roadmap
BackgroundMotivation & FindingsAttacks
Manipulation JavaScript Injection Command Injection Phishing
StealingDiscussionConclusion
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 21/29
Stealing
Functionality DemandThe RiskStudy
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 22/29
Roadmap
BackgroundMotivation & FindingsAttacks
Manipulation JavaScript Injection Command Injection Phishing
StealingDiscussionConclusion
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 23/29
Discussion --- Potential Solutions
User Perspective: NotificationDeveloper Perspective: Permission RequestSystem Perspective:
Mandatory Access ControlSEAndroidFlaskDroid
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 24/29
Discussion --- Related Work
Desktop Clipboard SecuritySelf-XSS, Clipboard Hijacking
Similarity: Attack via ClipboardDifference:
PlatformAttack EffortsAttack SurfaceSolutions
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 25/29
Discussion --- Related Work
Android Clipboard SecurityGeneric vs. Specific
System VulnerabilitiesPrivacy ProtectionPrivilege RestrictionMandatory Access Control
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 26/29
Roadmap
BackgroundMotivation & FindingsAttacks
Manipulation JavaScript Injection Command Injection Phishing
StealingDiscussionConclusion
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 27/29
Conclusion
Android Clipboard SecurityTwo groups of attacks
Manipulation JavaScript Injection Command Injection Phishing
Stealing Data Leakage
Future workManual effort -> automizationPotential solutions
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 28/29
Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 29/29
Thank You !
Questions?