Investigation of Touch-Based User Authentication Features Using Android Smartphone

Alariki, Ala Abdulhakim; Manaf, Azizah Abdul

doi:10.1007/978-3-319-13461-1_14

Cited by 2 publications

(1 citation statement)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the machine learning approach, even the operation habits such as rhythm click characteristics [10] can be considered as the features to distinguish different users. Some of recent researches [6,16,20,9] also proposed the authentication on touch gesture-based behavioral biometrics. Actually, some apps such as QQ already have the functionality to prompt users that their accounts are logged in at another city according to the network IP.…”

Section: ' and ('"''#"mentioning

confidence: 99%

Privacy Leaks through Data Hijacking Attack on Mobile Systems

Zhang

Guo

et al. 2017

ITM Web Conf.

View full text Add to dashboard Cite

Abstract-To persistently eavesdrop on the mobile devices, attackers may obtain the elevated privilege and inject malicious modules into the user devices. Unfortunately, the attackers may not be able to obtain the privilege for a long period of time since the exploitable vulnerabilities may be fixed or the malware may be removed. In this paper, we propose a new data hijacking attack for the mobile apps. By employing the proposed method, the attackers are only required to obtain the root privilege of the user devices once, and they can persistently eavesdrop without any change to the original device. Specifically, we design a new approach to construct a shadow system by hijacking user data files. In the shadow system, attackers possess the identical abilities to the victims. For instance, if a victim has logged into the email app, the attacker can also access the email server in the shadow system without authentication in a long period of time. Without reauthentication of the app, it is difficult for victims to notice the intrusion since the whole eavesdropping is performed on other devices (rather than the user devices). In our experiments, we evaluate the effectiveness of the proposed attack and the result demonstrates that even the Android apps released by the top developers cannot resist this attack. Finally, we discuss some approaches to defend the proposed attack.

show abstract

Section: ' and ('"''#"mentioning

confidence: 99%