Peeking into your app without actually seeing it: UI state inference and novel Android attacks

QA Chen, Z Qian, ZM Mao - 23rd USENIX Security Symposium (USENIX …, 2014 - usenix.org
23rd USENIX Security Symposium (USENIX Security 14), 2014 - usenix.org
Abstract
The security of smartphone GUI frameworks remains an important yet under-scrutinized topic. In this paper, we report that on the Android system (and likely other OSes), a weaker form of GUI confidentiality can be breached in the form of UI state (not the pixels) by a background app without requiring any permissions. Our finding leads to a class of attacks which we name UI state inference attack. The underlying problem is that popular GUI frameworks by design can potentially reveal every UI state change through a newly-discovered public side channel—shared memory. In our evaluation, we show that for 6 out of 7 popular Android apps, the UI state inference accuracies are 80–90% for the first candidate UI states, and over 93% for the top 3 candidates.