A View to a Kill: WebView Exploitation

نویسندگان

Matthias Neugschwandtner

Martina Lindorfer

Christian Platzer

چکیده

WebView is a technique to mingle web and native applications for mobile devices. The fact that its main incentive requires making data stored on, as well as the functionality of mobile devices, directly accessible to active web content, is not without consequences to security. In this paper, we present a threat scenario that targets WebView apps and show its practical applicability in a case study of selected apps. We further show results of our examination of over 287,000 apps in regard to WebView-related vulnerabilities.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

رفتار با حیوان آزمایشگاهی از منظر قرآن

By the ever-increasing discovery of pharmaceutical and chemical substances, their adverse effects will be considered too. To evaluate adverse effects, animals are used, and factors like standardization of species and breed, storage condition and biochemical system will be effective for animal selection. In Islamic education, animal issues are important. The principles of keeping animals, usin...

متن کامل

WebView: Scalable Information Monitoring for Data-Intensive Web Applications

We present WebView, a scalable information monitoring service for data-intensive Web applications that continuously monitors local application state, aggregates local state into a global view, and uses the global view to help ensure high performance and high availability for these applications. We demonstrate the effectiveness of WebView by building three key Web applications: (a) a data prefet...

متن کامل

Precisely and Scalably Vetting JavaScript Bridge in Android Hybrid Apps

In this paper, we propose a novel system, named BridgeScope, for precise and scalable vetting of JavaScript Bridge security issues in Android hybrid apps. BridgeScope is flexible and can be leveraged to analyze a diverse set of WebView implementations, such as Android’s default WebView, and Mozilla’s Rhino-based WebView. Furthermore, BridgeScope can automatically generate test exploit code to f...

متن کامل

Touchjacking Attacks on Web in Android, iOS, and Windows Phone

To make it easy for applications to interact with the Web, most mobile platforms, including Android, iOS, and Windows Phone, provide a mechanism that allows applications to embed a small but powerful browser component inside. This mechanism is called WebView in Android (it is called different names in other platforms). WebView implements a number of APIs that can be used by applications to inte...

متن کامل

Cross Site Request Forgery on Android WebView

Android has always been about connectivity and providing great browsing experience. Web-based content can be embedded into the Android application using WebView. It is a User Interface component that displays webpages. It can either display a remote webpage or can also load static HTML data. This encompasses the functionality of a browser that can be integrated to application. WebView provides ...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2013

A View to a Kill: WebView Exploitation

نویسندگان

چکیده

منابع مشابه

رفتار با حیوان آزمایشگاهی از منظر قرآن

WebView: Scalable Information Monitoring for Data-Intensive Web Applications

Precisely and Scalably Vetting JavaScript Bridge in Android Hybrid Apps

Touchjacking Attacks on Web in Android, iOS, and Windows Phone

Cross Site Request Forgery on Android WebView

عنوان ژورنال:

اشتراک گذاری