Attacks on Android Clipboard
DIMVA 11th | July 10-11, 2014
Xiao Zhang and Wenliang Du <{xzhang35, wedu}@syr.edu>
Dept. of Electrical Engineering & Computer Science, Syracuse University

  • Slide 1
      Xiao Zhang and Wenliang Du, Dept. of Electrical Engineering & Computer Science, Syracuse University
      Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK | July 10-11, 2014
  • Slide 2: Roadmap
      Background; Motivation & Findings; Attacks (Manipulation, Stealing); Discussion; Conclusion
  • Slide 3: Android Ecosystem
  • Slide 4: Android Clipboard
      Easy Access; Powerful Capabilities
  • Slide 5: Roadmap
      Background; Motivation & Findings; Attacks (Manipulation, Stealing); Discussion; Conclusion
  • Slide 6: Threat Model
      Assumption: Malicious app installed on the same device as the victim app
      Categorized based on malicious behavior: Manipulation; Stealing
  • Slide 7: Findings
      Sample Collections
      Benign: ~16,000 from Google Play in July 2012
      Malware: 3,987 from different resources
      Result (figure; residual values as extracted: 1,180860384)
  • Slide 8: Roadmap
      Background; Motivation & Findings; Attacks (Manipulation: JavaScript Injection, Command Injection, Phishing; Stealing); Discussion; Conclusion
  • Slide 9: JavaScript Injection --- Mobile Browsers
      Attack Flow
  • Slide 10: JavaScript Injection --- Mobile Browsers
      Feasibility Study
  • Slide 11: JavaScript Injection --- Mobile Browsers
      Damage Study: Session Hijacking; Confused Deputy; Integrity Compromise; Privacy Leakage
  • Slide 12: JavaScript Injection --- Additional Channel
      Cross-site scripting (XSS) Attack: One PhoneGap app with 1,000,000 installs
      Cross Origin Invocation Attack: Android scheme mechanism; Dropbox, Facebook
  • Slide 13: JavaScript Injection --- Dynamic Page Construction
      PhoneGap apps; New platform; Few security concerns; No server side
      Manual Analysis
      Case study: Get It Done Task List
  • Slide 14: JavaScript Injection --- SQL-Type Code Injection
      How does it work?
      Observations: WebView component; Patterned JS: pre-defined code + user input; No scrutinizing
  • Slide 15: JavaScript Injection --- SQL-Type Code Injection
      JSGuard: Based on Androguard; 160 LOC written in Python
      Challenges: API Identification; JS Pattern Identification; Vulnerability Identification
  • Slide 16: JavaScript Injection --- SQL-Type Code Injection
      Result: 16,000 apps, 42 hours, 20 sec/app
      58% use loadUrl()
      9.4% with patterned JS
      Randomly selected 100 candidates, 2 vulnerable apps found
  • Slide 17: JavaScript Injection --- SQL-Type Code Injection
      Case Studies
  • Slide 18: Roadmap
      Background; Motivation & Findings; Attacks (Manipulation: JavaScript Injection, Command Injection, Phishing; Stealing); Discussion; Conclusion
  • Slide 19: Command Injection --- Android Terminals
      Categorization: Remote Terminal; Device Terminal; Combined Terminal
      Systematic Study
  • Slide 20: Roadmap
      Background; Motivation & Findings; Attacks (Manipulation: JavaScript Injection, Command Injection, Phishing; Stealing); Discussion; Conclusion
  • Slide 21: Phishing
  • Slide 22: Roadmap
      Background; Motivation & Findings; Attacks (Manipulation: JavaScript Injection, Command Injection, Phishing; Stealing); Discussion; Conclusion
  • Slide 23: Stealing
      Functionality Demand; The Risk Study
  • Slide 24: Roadmap
      Background; Motivation & Findings; Attacks (Manipulation: JavaScript Injection, Command Injection, Phishing; Stealing); Discussion; Conclusion
  • Slide 25: Discussion --- Potential Solutions
      User Perspective: Notification
      Developer Perspective: Permission Request
      System Perspective: Mandatory Access Control; SEAndroid; FlaskDroid
  • Slide 26: Discussion --- Related Work
      Desktop Clipboard Security: Self-XSS, Clipboard Hijacking
      Similarity: Attack via Clipboard
      Difference: Platform; Attack Efforts; Attack Surface; Solutions
  • Slide 27: Discussion --- Related Work
      Android Clipboard Security: Generic vs. Specific; System Vulnerabilities; Privacy Protection; Privilege Restriction; Mandatory Access Control
  • Slide 28: Roadmap
      Background; Motivation & Findings; Attacks (Manipulation: JavaScript Injection, Command Injection, Phishing; Stealing); Discussion; Conclusion
  • Slide 29: Conclusion
      Android Clipboard Security
      Two groups of attacks: Manipulation (JavaScript Injection, Command Injection, Phishing); Stealing (Data Leakage)
      Future work: Manual effort -> automation; Potential solutions
  • Slide 30
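
Slides 14 to 16 describe a three-stage check: find loadUrl() use, find patterned JS (pre-defined code + user input), then decide whether the input is scrutinized. The sketch below is an added example of that triage for app auditing, not JSGuard and not the authors' code: it reads Java source text instead of using Androguard, and the SAMPLE lines, the setNote/note names and the ENCODERS allowlist are assumptions.

```python
import re

LOADURL = re.compile(r'\.loadUrl\s*\((?P<arg>.*)\)\s*;')
STRING_LIT = re.compile(r'"(?:\\.|[^"\\])*"')
# Assumption: calls accepted as adequate escaping for a JS string context.
ENCODERS = ("JSONObject.quote(",)

def split_concat(expr):
    """Split a Java expression on '+' outside string literals and parentheses."""
    parts, buf, depth, in_str, i = [], [], 0, False, 0
    while i < len(expr):
        c = expr[i]
        if in_str:
            if c == "\\":  # keep the escaped character together with its backslash
                buf.append(c); i += 1; c = expr[i] if i < len(expr) else ""
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        elif c == "+" and depth == 0:
            parts.append("".join(buf).strip()); buf = []; i += 1
            continue
        buf.append(c); i += 1
    parts.append("".join(buf).strip())
    return parts

def classify(line):
    m = LOADURL.search(line)
    if not m:
        return None
    parts = split_concat(m.group("arg"))
    head = parts[0]
    if not (STRING_LIT.fullmatch(head) and head[1:].lower().startswith("javascript:")):
        return "loadUrl"      # stage 1 only: API use, no JS literal (variables not traced)
    dynamic = [p for p in parts[1:] if not STRING_LIT.fullmatch(p)]
    if not dynamic:
        return "static-js"    # fixed script, nothing concatenated in
    if all(p.startswith(ENCODERS) for p in dynamic):
        return "escaped"      # patterned JS, every dynamic operand encoded
    return "candidate"        # patterned JS with unscrutinized input: review manually

# Constructed sample input (hypothetical app code).
SAMPLE = '''webView.loadUrl("https://example.org/help");
webView.loadUrl("javascript:refresh()");
webView.loadUrl("javascript:setNote('" + note + "')");
webView.loadUrl("javascript:setNote(" + JSONObject.quote(note) + ")");
String title = item.getTitle();
'''

def scan(source):
    hits = ((n, classify(line)) for n, line in enumerate(source.splitlines(), 1))
    return [(n, label) for n, label in hits if label]
```

A "candidate" result is only a lead for manual review, as on Slide 16, where 100 sampled candidates yielded 2 vulnerable apps.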