UI Redressing Attacks on Android Devices

A session at SIGINT 2013

Friday 5th July, 2013

7:00pm to 7:45pm (CET)

In this presentation, we describe novel high-impact user interface attacks on Android-based mobile devices, additionally focusing on showcasing the possible mitigation techniques for such attacks.

In this presentation, we describe novel high-impact user interface attacks on Android-based mobile devices, additionally focusing on showcasing the possible mitigation techniques for such attacks. We discuss which UI redressing attacks can be transferred from desktop- to mobile- browser field. Our main contribution is a demonstration of a browserless tap-jacking attack, which greatly enriches the impact of previous work on this matter. With this technique, one can perform unauthorized home screen navigation and attempt actions like (premium number) phone calls without having been granted appropriate privileges. To protect against this attack, we introduce a concept of a security layer that catches all tap-jacking attempts before they can reach home screen/arbitrary applications.

About the speaker

This person is speaking at this event.
Marcus Niemietz

Web application security reseacher and HackPra organizer. Security Consultant at 3curity GmbH. bio from Twitter

Next session in Konferenzraum

8pm Programming FPGAs with PSHDL by Karsten Becker

Sign in to add slides, notes or videos to this session

SIGINT 2013

Germany Germany, Cologne

5th7th July 2013

Tell your friends!

When

Time 7:00pm7:45pm CET

Date Fri 5th July 2013

Where

Konferenzraum, KOMED

Short URL

lanyrd.com/sckccx

Official session page

frab.cccv.de/…t13/events/5059.html

View the schedule

Share

Topics

See something wrong?

Report an issue with this session