VulnerableMe: Measuring Systemic Weaknesses in Mobile Browser Security

Amrutkar, Chaitrali; Singh, Kapil; Verma, Arunabh; Traynor, Patrick

doi:10.1007/978-3-642-35130-3_2

Cited by 9 publications

(12 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Differences between mobile and desktop websites: All these approaches for malicious webpage detection have focused on websites built for desktop browsers in the past. Mobile browsers have been shown to differ from their desktop counterparts in terms of security [13], [14]. Although differences in mobile and desktop websites have been observed before [19], it is unclear how these differences impact security.…”

Section: Related Workmentioning

confidence: 98%

“…Words such as login and bank are commonly used in the URL of the login webpage for benign websites that are highly prone to imitation. Only a part of the URL is visible to the user of a mobile phone due to the small screen [13]. Therefore, intuitively, the author of a phishing webpage will include misleading words at the beginning of the URL.…”

Section: Url Featuresmentioning

confidence: 98%

“…Therefore, we chose a random subset of 100 URLs from the false positives obtained by running kAYO on the test dataset in Section 5.2. 13 We verified each of the 100 URLs by visiting them manually from an Android mobile browser version 4.0. We found 10 URLs to be suspicious.…”

Section: Investigating False Positivesmentioning

confidence: 99%

See 2 more Smart Citations

Detecting Mobile Malicious Webpages in Real Time

Amrutkar

Kim

Traynor

2017

IEEE Trans. on Mobile Comput.

Self Cite

View full text Add to dashboard Cite

Mobile specific webpages differ significantly from their desktop counterparts in content, layout and functionality. Accordingly, existing techniques to detect malicious websites are unlikely to work for such webpages. In this paper, we design and implement kAYO, a mechanism that distinguishes between malicious and benign mobile webpages. kAYO makes this determination based on static features of a webpage ranging from the number of iframes to the presence of known fraudulent phone numbers. First, we experimentally demonstrate the need for mobile specific techniques and then identify a range of new static features that highly correlate with mobile malicious webpages. We then apply kAYO to a dataset of over 350,000 known benign and malicious mobile webpages and demonstrate 90% accuracy in classification. Moreover, we discover, characterize and report a number of webpages missed by Google Safe Browsing and VirusTotal, but detected by kAYO. Finally, we build a browser extension using kAYO to protect users from malicious mobile websites in real-time. In doing so, we provide the first static analysis technique to detect malicious mobile webpages.

show abstract

Section: Related Workmentioning

confidence: 98%

Section: Url Featuresmentioning

confidence: 98%

See 1 more Smart Citation

Detecting Mobile Malicious Webpages in Real Time

Amrutkar

Kim

Traynor

2017

IEEE Trans. on Mobile Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…NativeWrap seeks to mitigate such attacks by always clearly displaying the WebView app's name. NativeWrap further pins the WebView app to a domain to ensure phishing does not inadvertently originate from the domain, e.g., via advertisements that hijack the screen [1]. Browser Compromise: Upon compromising the Web browser, an attacker potentially gains access to all of the user's cookies, in- Figure 2: The NativeWrap Architecture cluding those that are used for authentication.…”

Section: Threat Modelmentioning

confidence: 99%

“…1 Results accessed May 14, 2014. 2 Dailymotion plays only the audio part of a video clip occasionally.…”

Section: Slick Dealsmentioning

confidence: 99%

NativeWrap

Nadkarni

Tendulkar

Enck

2014

Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless &Amp; Mobile Networks

View full text Add to dashboard Cite

Smartphones have become a primary form of computing. As a result, nearly every consumer, company, and organization provides an "app" for the popular smartphone platforms. Many of these apps are little more than a WebView widget that renders downloaded HTML and JavaScript content. In this paper, we argue that separating Web applications into separate OS principals has valuable security and privacy advantages. However, in the current smartphone application ecosystem, many such apps are fraught with privacy concerns. To this end, we propose NativeWrap as an alternative model for security and privacy conscious consumers to access Web content. NativeWrap "wraps" the domain for given URL into a native platform app, applying best practices for security configuration. We describe the design of a prototype of NativeWrap for the Android platform and test compatibility on the top 250 Alexa Websites. By using NativeWrap, third-party developers are removed from platform code, and users are placed in control of privacy sensitive operation.

show abstract

A comprehensive survey on mobile browser security issues, challenges and solutions

Debnath,

Jain

2024

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

VulnerableMe: Measuring Systemic Weaknesses in Mobile Browser Security

Cited by 9 publications

References 12 publications

Detecting Mobile Malicious Webpages in Real Time

Detecting Mobile Malicious Webpages in Real Time

NativeWrap

A comprehensive survey on mobile browser security issues, challenges and solutions

Contact Info

Product

Resources

About