Аннотация
In this thesis, we closely examine an important type of attack against Android smart- phones that exploit weaknesses in the user interface. In particular, we study, analyze and implement the “Keystroke Inference #3” attack from the “Cloak and Dagger” paper by Fratantonio et al. 1, 2, which enables an attacker to steal sensitive input such as pass- words. The attack takes advantage of a vulnerability that was subsequently patched on all newer Android versions. Yet, it still affects a significant user base that utilizes older devices. In this paper, we present the end-to-end attack implementation of the “Keystroke Inference #3” concept and elaborate on in-depth details. In order to make the attack fea- sible certain technical challenges needed to be solved, therefore our developed approaches are presented as well. After the evaluation of the results, we show that the implementa- tion is applicable to a wide range of Android versions. We then present our novel defense technique OverlayShifter, which fully prevents the attack while being independent of operating system modifications. Moreover, characteristics that facilitate the detection of the attack are discussed.
Пользователи данного ресурса
Пожалуйста,
войдите в систему, чтобы принять участие в дискуссии (добавить собственные рецензию, или комментарий)