Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop

Fratantonio, Yanick; Qian, Chenxiong; Chung, Simon P.; Lee, Wenke

doi:10.1109/sp.2017.39

Cited by 88 publications

(78 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…That is, it is very difficult to capture the user giving out the answer to the right Captcha "just by accident." In particular, liveness challenges that are based on blinking and smiling are very vulnerable to attacks like UI redressing attacks [25], or more advanced attacks like those described in [50]. Under both scenarios, the attacker can drive the legitimate authentication app to a state where it's presenting the user with its liveness detection (either by using Intent, which is harder to control for more than one UI, or using the accessibility service), while covering up the phone's display with an overlay (so the user doesn't know he/she is being attacked).…”

Section: Other Security Benefitsmentioning

confidence: 99%

rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System

Uzun¹

2018

Proceedings 2018 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Abstract-Facial/voice-based authentication is becoming increasingly popular (e.g., already adopted by MasterCard and AliPay), because it is easy to use. In particular, users can now authenticate themselves to online services by using their mobile phone to show themselves performing simple tasks like blinking or smiling in front of its built-in camera. Our study shows that many of the publicly available facial/voice recognition services (e.g. Microsoft Cognitive Services or Amazon Rekognition) are vulnerable to even the most primitive attacks. Furthermore, recent work on modeling a person's face/voice (e.g. Face2Face [1]) allows an adversary to create very authentic video/audio of any target victim to impersonate that target. All it takes to launch such attacks are a few pictures and voice samples of a victim, which can all be obtained by either abusing the camera and microphone of the victim's phone, or through the victim's social media account. In this work, we propose the Real Time Captcha (rtCaptcha) system, which stops/slows down such an attack by turning the adversary's task from creating authentic video/audio of the target victim performing known authentication tasks (e.g., smile, blink) to figuring out what is the authentication task, which is encoded as a Captcha. Specifically, when a user tries to authenticate using rtCaptcha, they will be presented a Captcha and will be asked to take a "selfie" video while announcing the answer to the Captcha. As such, the security guarantee of our system comes from the strength of Captcha, and not how well we can distinguish real faces/voices from synthesized ones. To demonstrate the usability and security of rtCaptcha, we conducted a user study to measure human response times to the most popular Captcha schemes. Our experiments show that, thanks to the humans' speed of solving Captchas, adversaries will have to solve Captchas in less than 2 seconds in order to appear live/human and defeat rtCaptcha, which is not possible for the best settings on the attack side.

show abstract

Section: Other Security Benefitsmentioning

confidence: 99%

rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System

Uzun¹

2018

Proceedings 2018 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…The sheer number of APIs that an operating system exposes makes the security analysis at this level alone very complex. Security issues due to API misuse, uncovered for example in [3], support this claim.…”

Section: How To Avoid Orphan Misuse Casesmentioning

confidence: 85%

An Anti-pattern for Misuse Cases

Dashti

Radomirović

2017

Computer Security

View full text Add to dashboard Cite

Abstract. Misuse case analysis is a method for the elicitation, documentation, and communication of security requirements. It builds upon the well-established use case analysis method and is one of the few existing techniques dedicated to security requirements engineering. We present an anti-pattern for applying misuse cases, dubbed "orphan misuses." Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. Common symptoms include implementation-dependent threats and overly general, vacuous mitigations. We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.

show abstract

“…Android dialog messages suffer the same disadvantages too. Additionally, dialog messages are required to hold the quite "dangerous" system permission that allows them to draw over other screens to accomplish the desirable result, namely the SYSTEM ALERT WINDOW permission, that can be maliciously used [13].…”

Section: Human-smartphone Interactionmentioning

confidence: 99%

“…While drawing on top of other activities and partially covering them, researchers have recently started to find novel ways to do it. The bulk of the attacks exploit a recently introduced Android permission, the System Alert Window [28,13]. According to Google Developer resources [4]: "Very few apps should use this permission; these windows are intended for system-level interaction with the user".…”

Section: Introductionmentioning

confidence: 99%

Knock-Knock: The Unbearable Lightness of Android Notifications

Patsakis

Alepis

2018

Proceedings of the 4th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Android Notifications can be considered as essential parts in Human-Smartphone interaction and inextricable modules of modern mobile applications that can facilitate User Interaction and improve User Experience. This paper presents how this well-crafted and thoroughly documented mechanism, provided by the OS can be exploited by an adversary. More precisely, we present attacks that result either in forging smartphone application notifications to lure the user in disclosing sensitive information, or manipulate Android Notifications to launch a Denial of Service attack to the users' device, locally and remotely, rendering them unusable. This paper concludes by proposing generic countermeasures for the discussed security threats.

show abstract

Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop

Cited by 88 publications

References 4 publications

rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System

rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System

An Anti-pattern for Misuse Cases

Knock-Knock: The Unbearable Lightness of Android Notifications

Contact Info

Product

Resources

About