Presentation is loading. Please wait.

Presentation is loading. Please wait.

Deception and Countermeasures in the Android User Interface

Published byFilippa Henriksen Modified over 6 years ago

Similar presentations

Presentation on theme: "Deception and Countermeasures in the Android User Interface"— Presentation transcript:

1 Deception and Countermeasures in the Android User Interface
CSCI680 Advanced Systems and Network Security What the App is That? Deception and Countermeasures in the Android User Interface Authors: Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yannick Fratantonio, Christopher Kruegel, Giovanni Vigna Presenter: Yongsen Ma

2 GUI Confusion Attacks Many smartphone users trust applications such as mobile banking or shopping. Mobile OSs usually run multiple apps concurrently. GUI confusion attacks: A malicious app M remains active in the background M silently waits for the user to login into the bank app B M changes its own appearance to mimic B’s user interface and “steals the focus” The user insert personal banking credentials to the malicious app M

3 Related Works GUI confusion attacks: only focus on specific attacks, like tapjacking, phishing, etc. this paper generalizes these attacks and introduces some novel attacks. GUI defense: augments the system keyboard this paper extends the covered attack surface by considering more attack scenarios Android malware analysis: only focus specific techniques this paper focus on how users interact with different apps security-related information: works for browsers this paper use web-based methods to mobile systems

4 Contributions Detail analysis of GUI deception attacks attackers can use to confuse users. Two-layer defense to mitigate GUI attacks: static analysis: identifies code that could launch GUI confusion attacks on-device defense: an indicator securely informs app origins to users A user study with 308 subjects evaluates the attacks and on-device defense.

5 Outline GUI Confusion Attacks Detection via Static Analysis
UI Defense Mechanism Evaluation Summary

6 Android User Interface
Views: buttons, text fields, images, etc. Activities: defines actions when the View elements are activated. Windows: a virtual surface where graphical content is drawn as defined by the contained Views.

7 GUI Confusion Attacks GUI confusion attacks allow for launching stealthy and effective phishing-style or click-jacking-style operations Attack vectors: Draw on top: draw graphical elements over others App switch: steal focus from the top app Fullscreen: draw on the device’s entire screen Enhancing techniques: detect how the user is interacting with the system create graphical elements mimicking existing ones

8 Confusion Attack by Android GUI API
A tool checks how the main Android GUI APIs can be used to mount a GUI confusion attack startActivity: how a newly-started Activity is placed on the Activities’ stack The type of Android component calling startActivity. The launchMode attribute of the opened Activity. Flags passed to startActivity. “inescapable” fullscreen Windows: an app can influence the appearance of a Window Modifying the Window’s TYPE. Specifying certain flags that determine the Window’s layout. Calling the setSystemUiVisibility API with specific flags to influence the appearance and the behavior of the navigation bar and the status bar.

9 Confusion Attack by Android GUI API
An Activity is drawn on top of each other (Android 4.4) as opened by calling startActivity from a Service, a Broadcast Receiver, or a Content Provider with the NEW_TASK flag. from another Activity and it has the singleInstance launch mode. from another Activity and certain launch modes and flags are used. “inescapable” fullscreen Windows Component types, flags, and launchMode values Widow types and flags

10 Outline GUI Confusion Attacks Detection via Static Analysis
UI Defense Mechanism Evaluation Summary

11 Static Analysis of GUI confusion attacks
Input: apk file; Output: a summary of the potentially-malicious techniques that it uses checks which permissions the app requires in its manifest extracts and parses the app’s bytecode and identifies all the possible attack techniques backward program slicing to check possible argument values of identified API calls flag the app as (potentially) malicious by analyzing the app’s control flow

12 Detecting Attack Techniques
Identifying attack vectors and enhancing techniques Draw on top: addView App Switch: startActivity, moveTaskToFront, killBackgroundProcesses. Fullscreen: setUiVisibility Get information about the device state: getRunningTasks, system log, /proc Application classification: an app is suspicious if it tries to get information of the device state it uses an attack vector there is a path in the call graph where 1 happens and then 2 happens

13 Detecting Results benign1: 500 random apps from Google Play Store.
benign2: 500 “top free” apps from Google Play Store. app-locker: 20 app-locker apps in Google Play Store. malicious: 1,260 apps from Android Malware Genome.

14 Evaluation: GUI Data Elements
Top: 3/5 permissions are frequently used by benign applications. Bottom: just looking at API calls is not enough for detection.

15 Evaluation: Reconstructed GUIs
benign1: 2 suspicious -> 2 app-lockers benign2: 26 suspicious -> 2 app-lockers app-locker: 18/20 detected benign2: 25 detected -> 21 DroidKungFu

16 Outline GUI Confusion Attacks Detection via Static Analysis
UI Defense Mechanism Evaluation Summary

17 UI Defense Goal: establish a trusted path to inform the user without compromising UI functionality. Which app is the user actually interacting? Who is the real author of that app? Conveying trust information to the user. Principles: Offering security guarantees comparable with how a modern browser presents a critical (i.e., banking) website, identifying it during the entire interaction and presenting standard and recognizable visual elements. Allowing benign apps to continue functioning as if our defense were not in place, and not burdening the user with extra operations such as continuously using extra button combinations or requiring specific hardware modifications.

18 Detecting the Target App
Normally, the top Activity (and, therefore, the top app) is the target of user interaction, with two important exceptions: Utility components such as the navigation bar and the status bar (Section II-A) are drawn separately by the system in specific Windows. An app, even if not currently on top of the Activity stack, can di- rect a separate Window to be drawn over the top-activity Window.

19 Detecting the App Author
Turn the unique identifier of an app into a message suitable for screen presentation shows app’s developer name uses Extended-Validation HTTPS to validate it Other options show app’s name as it appears in the market must be unique and trustworthy associates apps with domain names no resist spoofing, lack of official vetting

20 Conveying Trust Information to the User
choose the navigation bar as the “trusted” position that will behave like the URL bar. dynamically change information shown on the navigation bar Fullscreen apps a “secret image” chosen by the user unreadable by non-system applications similar to “SiteKey” or “Sign-in Seal”

21 Detecting the Target App and its Author
Possible statuses of the screen conveying trust information to the user

22 UI Defense: Overview

23 Outline GUI Confusion Attacks Detection via Static Analysis
UI Defense Mechanism Evaluation Summary

24 Evaluation The effectiveness of GUI confusion attacks: do users notice any difference or glitch when a malicious app performs a GUI confusion attack? How helpful our proposed defense mechanism is in making the users aware that the top Activity spawned by the attack is not the original one. Amazon Mechanical Turk, noVNC client, hardware-accelerated emulated Android 4.4 Group 1: unmodified Android system w/o on-device defense Group 2: system w/ on-device defense, w/o explanation of how it works Group 3: system w/ on-device defense, w/ explanation of how it works

25 Evaluation Results

26 Outline GUI Confusion Attacks Detection via Static Analysis
UI Defense Mechanism Evaluation Summary

27 Summary Contributions detail analysis of Android GUI confusion attacks
two-layer defense to prevent GUI confusion attacks a user study to demonstrate the effectiveness Limitations assumes Android OS is not compromised and the navigation bar is trusted false alerts of common benign apps that create “always-visible” Windows evaluation by the hardware-accelerated emulator but not real devices

28 Questions What is a draw on top attack?
What causes the difference between sets benign1 (random apps) and benign2 (top apps) on detection results? How to prevent a malicious application from inferring the “secret image” for fullscreen apps?

Download ppt "Deception and Countermeasures in the Android User Interface"

Similar presentations

Android architecture overview

Android architecture overview
Clickjacking Attacks and Defenses.

Clickjacking Attacks and Defenses.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.
1 Applets Chapter 1 To understand:  why applets are used to extend the capabilities of Web pages  how an applet is executed and know about the restrictions.

1 Applets Chapter 1 To understand:  why applets are used to extend the capabilities of Web pages  how an applet is executed and know about the restrictions.
Mobile Application Development

Mobile Application Development
Google Android as a mobile development platform T-110.7111 Internet Technologies for Mobile Computing Olli Mäkinen.

Google Android as a mobile development platform T Internet Technologies for Mobile Computing Olli Mäkinen.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
The Internet & The World Wide Web Notes

The Internet & The World Wide Web Notes
Case study 2 Android – Mobile OS.

Case study 2 Android – Mobile OS.
INTERNATIONAL SUMMER ACADEMIC COURSE UNIVESITY OF NIS ISAC – Android programming.

INTERNATIONAL SUMMER ACADEMIC COURSE UNIVESITY OF NIS ISAC – Android programming.
Programming with App Inventor Computing Institute for K-12 Teachers Summer 2012 Workshop.

Programming with App Inventor Computing Institute for K-12 Teachers Summer 2012 Workshop.
Android Security What is out there? Waqar Aziz. Android Market Share - I 2.

Android Security What is out there? Waqar Aziz. Android Market Share - I 2.
Android Application Development 2013 PClassic Chris Murphy 1.

Android Application Development 2013 PClassic Chris Murphy 1.
Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.
Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
2015. 4. 28 박 종 혁 컴퓨터 보안 및 운영체제 연구실 MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications,

박 종 혁 컴퓨터 보안 및 운영체제 연구실 MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications,
 Understanding an activity  Starting an activity  Passing information between activities  Understanding intents  Understanding the activity lifecycle.

 Understanding an activity  Starting an activity  Passing information between activities  Understanding intents  Understanding the activity lifecycle.
Chapter 5: Investigate! Lists, Arrays, and Web Browsers.

Chapter 5: Investigate! Lists, Arrays, and Web Browsers.

Similar presentations

Ads by Google