Attacks on Android Clipboard
Xiao Zhang and Wenliang Du
Dept. of Electrical Engineering & Computer Science, Syracuse University

Roadmap
- Background
- Motivation & Findings
- Attacks: Manipulation, Stealing
- Discussion
- Conclusion
(Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK | July 10-11)

Android Ecosystem Attacks on Android Clipboard | DIMVA 11 th | Egham, London, UK| July 10-11, /29

Android Clipboard
- Easy Access
- Powerful Capabilities


Threat Model
- Assumption: a malicious app is installed on the same device as the victim app
- Attacks are categorized by the malicious behavior: Manipulation, Stealing

Findings
- Sample Collections
  - Benign: ~16,000 apps from Google Play in July 2012
  - Malware: 3,987 samples from different sources
- Result

Roadmap
- Background
- Motivation & Findings
- Attacks
  - Manipulation: JavaScript Injection, Command Injection, Phishing
  - Stealing
- Discussion
- Conclusion

JavaScript Injection --- Mobile Browsers
- Attack Flow

JavaScript Injection --- Mobile Browsers
- Feasibility Study

JavaScript Injection --- Mobile Browsers
- Damage Study
  - Session Hijacking
  - Confused Deputy
  - Integrity Compromise
  - Privacy Leakage

JavaScript Injection --- Additional Channel
- Cross-site scripting (XSS) Attack: one PhoneGap app with 1,000,000 installs
- Cross Origin Invocation Attack: Android scheme mechanism (Dropbox, Facebook)

JavaScript Injection --- Dynamic Page Construction
- PhoneGap apps: new platform, few security concerns, no server side
- Manual Analysis
- Case study: Get It Done Task List

JavaScript Injection --- SQL-Type Code Injection
- How does it work?
- Observations:
  - WebView component
  - Patterned JS: pre-defined code + user input
  - No scrutinizing
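As an added illustration (not code from the talk or from any app it studied) of the "patterned JS" shape described on this slide: the first builder splices clipboard text straight into a JavaScript string literal, the second encodes it as a JSON string literal so the text can only ever be data. The page-side function showTask(), the WebView and the Context are assumptions.

```java
import android.content.ClipData;
import android.content.ClipboardManager;
import android.content.Context;
import android.webkit.WebView;
import org.json.JSONObject;

// Added example: how pasted text reaches a WebView through "pre-defined code + user input".
public class PatternedJs {

    // Reading the primary clip needs no permission; any pasted text arrives verbatim.
    static String pasteFromClipboard(Context ctx) {
        ClipboardManager cm = (ClipboardManager) ctx.getSystemService(Context.CLIPBOARD_SERVICE);
        ClipData clip = cm.getPrimaryClip();
        if (clip == null || clip.getItemCount() == 0) {
            return null;
        }
        CharSequence text = clip.getItemAt(0).coerceToText(ctx);
        return text == null ? null : text.toString();
    }

    // Vulnerable shape (the pattern the slide describes): the input is concatenated into
    // a JS string literal with no scrutiny, so a quote in the input ends the literal and
    // whatever follows is parsed as code by the WebView. showTask() is a hypothetical page function.
    static String buildUnsafe(String pasted) {
        return "javascript:showTask('" + pasted + "')";
    }

    // Hardened shape: JSONObject.quote() returns the input as a double-quoted JSON string
    // literal with quotes, backslashes and control characters escaped, which is also a
    // valid JS string literal. The input can no longer change the structure of the code.
    static String buildSafe(String pasted) {
        return "javascript:showTask(" + JSONObject.quote(pasted == null ? "" : pasted) + ")";
    }

    // Only the encoded form is handed to loadUrl(); the API the 58% figure on the next slide counts.
    static void renderPastedTask(Context ctx, WebView webView) {
        webView.loadUrl(buildSafe(pasteFromClipboard(ctx)));
    }
}
```

On API 19 and later, evaluateJavascript(String, ValueCallback) is the preferable sink for the same encoded string, since it runs the script without navigating the WebView; the encoding step is what matters either way.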

JavaScript Injection --- SQL-Type Code Injection
- JSGuard: based on Androguard, 160 LOC written in Python
- Challenges:
  - API Identification
  - JS Pattern Identification
  - Vulnerability Identification

JavaScript Injection --- SQL-Type Code Injection
- Result: 16,000 apps, 42 hours, 20 sec/app
  - 58% use loadUrl()
  - 9.4% with patterned JS
  - Randomly selected 100 candidates, 2 vulnerable apps found

JavaScript Injection --- SQL-Type Code Injection
- Case Studies


Command Injection --- Android Terminals
- Categorization:
  - Remote Terminal
  - Device Terminal
  - Combined Terminal
- Systematic Study


Phishing


Stealing
- Functionality Demand
- The Risk
- Study


Discussion --- Potential Solutions
- User Perspective: Notification
- Developer Perspective: Permission Request
- System Perspective: Mandatory Access Control (SEAndroid, FlaskDroid)

Discussion --- Related Work
- Desktop Clipboard Security: Self-XSS, Clipboard Hijacking
  - Similarity: attack via clipboard
  - Difference: platform, attack efforts, attack surface, solutions

Discussion --- Related Work
- Android Clipboard Security: generic vs. specific
  - System Vulnerabilities
  - Privacy Protection
  - Privilege Restriction
  - Mandatory Access Control


Conclusion
- Android Clipboard Security
- Two groups of attacks:
  - Manipulation: JavaScript Injection, Command Injection, Phishing
  - Stealing: Data Leakage
- Future work:
  - Manual effort -> automation
  - Potential solutions
