Abdulla Aldoseri scite author profile

Abdulla Aldoseri

4Publications

11Citation Statements Received

72Citation Statements Given

How they've been cited

How they cite others

Affiliations

University of Birmingham

Publications

Order By: Most citations

A Tale of Two Worlds

Bulck

Oswald

Marin

et al. 2019

View full text Add to dashboard Cite

Where a licence is displayed above, please note the terms and conditions of the licence govern your use of this document.When citing, please reference the published version. Take down policyWhile the University of Birmingham exercises care and attention in making items available there are rare occasions when an item has been uploaded in error or has been deemed to be commercially or otherwise sensitive.

show abstract

insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers

Aldoseri¹,

Oswald²

2022

View full text Add to dashboard Cite

Uniform Resource Identifier (URI) schemes instruct browsers to conduct specific actions depending on the requested scheme. Previous research has addressed numerous issues with web URI schemes (e.g., http: and https:) both for desktop and mobile browsers. Less attention has been paid to local schemes (e.g., data: and file:), specifically for mobile browsers. In this work, we examined the implementation of such schemes in Android OS browsers, analysing the top-15 mobile browsers. As a result, we discovered three vulnerability types that affect several major browsers (including Google Chrome, Opera and Samsung Internet). First, we demonstrate an URI sanitisation issue that leads to a cross-site scripting attack via the JavaScript scheme. The problem affects Chromium browsers including Chrome, Opera, Edge, and Vivaldi. Second, we found a display issue in Samsung Internet that allows abusing data URIs to impersonate origins and protocols, posing a threat in the context of phishing attacks. Finally, we discover a privilege escalation issue in Samsung's Android OS, leading to full read and write access to the internal storage without user consent and bypassing the Android storage permission. While this issue was originally discovered in the file scheme of the Samsung browser, utilising a combination of static and dynamic analysis, we traced the problem back to an authorization issue in Knox Sensitive Data Protection SDK. We then show that any app can abuse this SDK to obtain full access to the internal storage without appropriate permission on Samsung devices running Android 10. We responsibly disclosed the vulnerabilities presented in this paper to the affected vendors, leading to four CVEs and security patches in Chrome, Opera and Samsung Internet browser.

show abstract

A Tale of Four Gates

Aldoseri¹,

Oswald²,

Chiper³

2022

View full text Add to dashboard Cite

Where a licence is displayed above, please note the terms and conditions of the licence govern your use of this document.When citing, please reference the published version. Take down policy While the University of Birmingham exercises care and attention in making items available there are rare occasions when an item has been uploaded in error or has been deemed to be commercially or otherwise sensitive.

show abstract

Symbolic modelling of remote attestation protocols for device and app integrity on Android

Aldoseri

Chothia

Moreira³

et al. 2023

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.