Screenmilker: How to Milk Your Android Screen for Secrets

Lin, Chia‐Chi; Li, Hongyang; Zhou, Xiaoyong

doi:10.14722/ndss.2014.23049

Cited by 76 publications

(66 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There is a large body of work on direct and side-channel attacks that can be performed by malicious Android apps to steal other apps' secrets [10,28,30,40,49,57]. All of these papers assume that the victim has installed a malicious app on his or her device.…”

Section: Related Workmentioning

confidence: 99%

What Mobile Ads Know About Mobile Users

Son

Kim

Shmatikov

2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-We analyze the software stack of popular mobile advertising libraries on Android and investigate how they protect the users of advertising-supported apps from malicious advertising. We find that, by and large, Android advertising libraries properly separate the privileges of the ads from the host app by confining ads to dedicated browser instances that correctly apply the same origin policy.We then demonstrate how malicious ads can infer sensitive information about users by accessing external storage, which is essential for media-rich ads in order to cache video and images. Even though the same origin policy prevents confined ads from reading other apps' external-storage files, it does not prevent them from learning that a file with a particular name exists. We show how, depending on the app, the mere existence of a file can reveal sensitive information about the user. For example, if the user has a pharmacy price-comparison app installed on the device, the presence of external-storage files with certain names reveals which drugs the user has looked for.We conclude with our recommendations for redesigning mobile advertising software to better protect users from malicious advertising.

show abstract

Section: Related Workmentioning

confidence: 99%

What Mobile Ads Know About Mobile Users

Son

Kim

Shmatikov

2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Security of such mobile systems has been widely studied in the past decade, mostly in the context of Android [31], [36], [42], [45], [66], [67], with some limited effort on iOS [34], [37]. Of particular interest here are a series of side-channel attacks, which empower an untrusted third-party app (e.g., free games) to infer private user information by monitoring the execution of OS services or trusted apps (e.g., banking apps).…”

Section: Introductionmentioning

confidence: 99%

“…So far, this line of research has only been conducted on Android, with numerous studies [31], [36], [42], [45], [64], [67] showing that the OS and its underlying Linux kernel fail to properly control the information leaks from seemingly harmless sourcesprocfs, a pseudo filesystem available on UNIX-like operating systems (including Android) to export some kernel statistics (e.g., virtual and physical memory, CPU and network usage) to the user space. These statistics can be classified into two categories: per-process statistics and global statistics.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Zhang¹,

Wang²,

Bai³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Abstract-It has been demonstrated in numerous previous studies that Android and its underlying Linux operating systems do not properly isolate mobile apps to prevent cross-app sidechannel attacks. Cross-app information leakage enables malicious Android apps to infer sensitive user data (e.g., passwords), or private user information (e.g., identity or location) without requiring specific permissions. Nevertheless, no prior work has ever studied these side-channel attacks on iOS-based mobile devices. One reason is that iOS does not implement procfsthe most popular side-channel attack vector; hence the previously known attacks are not feasible.In this paper, we present the first study of OS-level sidechannel attacks on iOS. Specifically, we identified several new side-channel attack vectors (i.e., iOS APIs that enable cross-app information leakage); developed machine learning frameworks (i.e., classification and pattern matching) that combine multiple attack vectors to improve the accuracy of the inference attacks; demonstrated three categories of attacks that exploit these vectors and frameworks to exfiltrate sensitive user information. We have reported our findings to Apple and proposed mitigations to the attacks. Apple has incorporated some of our suggested countermeasures into iOS 11 and MacOS High Sierra 10.13 and later versions.

show abstract

“…However, this scheme cannot detect a specific screen among multiple screens composing an Activity and, moreover, can fail to detect an Activity in an app that has a complex connection structure among Activities. In Screenmilker [3], a malicious screenshot app detects a soft keyboard pop-up by the memory usage to capture a user's keystrokes. However, this attack is possible only in those smartphones in which the screenshot app has been installed using the ADB debugging tool.…”

Section: Introductionmentioning

confidence: 99%