Attacks on Android Clipboard
Authors
Abstract
In this paper, we perform a thorough study on the risks imposed by the globally accessible Android Clipboard. Based on the risk assessment, we formulate a series of attacks and categorize them into two groups, i.e., manipulation and stealing. Clipboard data manipulation may lead to common code injection attacks, like JavaScript injection and command injection. Furthermore, it can also cause phishing attacks, including web phishing and app phishing. Data stealing happens when sensitive data copied into the clipboard is accessed by malicious applications. For each category of attack, we analyze a large number of candidate apps and show multiple case studies to demonstrate its feasibility. Also, our app analysis process is formulated to benefit future app development and vulnerability detection. After a comprehensive exposure of the risk, we briefly discuss some potential solutions.
Similar resources
Hey, You, Get Off of My Clipboard - On How Usability Trumps Security in Android Password Managers
Password managers aim to help users manage their ever increasing number of passwords for online authentication. Since users only have to memorise one master secret to unlock an encrypted password database or key chain storing all their (hopefully) different and strong passwords, password managers are intended to increase username/password security. With mobile Internet usage on the rise, passwo...
Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture
Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Cu...
Android 7 File Based Encryption and the Attacks Against It
Android users have been provided with some level of disk encryption since Android 3.0 “Honeycomb”. This is marketed as ‘Full Disk’ encryption (FDE). FDE allows users to encrypt their /data partition. The major problem with FDE is that after rebooting, multiple critical functions of the device are unusable without user interaction. File Based encryption (FBE) was introduced to overcome this issu...
A taxonomy of privilege escalation attacks in Android applications
Google’s Android is one of the most popular mobile operating system platforms today, being deployed on a wide range of mobile devices from various manufacturers. It is termed as a privilege-separated operating system which implements some novel security mechanisms. Recent research and security attacks on the platform, however, have shown that the security model of Android is flawed and is vulner...
Practical Experiences on NFC Relay Attacks with Android - Virtual Pickpocketing Revisited
Near Field Communication (NFC) is a short-range contactless communication standard recently emerging as cashless payment technology. However, NFC has been proved vulnerable to several threats, such as eavesdropping, data modification, and relay attacks. A relay attack forwards the entire wireless communication, thus communicating over larger distances. In this paper, we review and discuss feasi...