Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop

Date: 02.09.2017. Author: CISOCLUB. Categories: Information security podcasts and videos

While both the SYSTEM_ALERT_WINDOW and the BIND_ACCESSIBILITY_SERVICE Android permissions have been abused individually (e.g., in UI redressing attacks, accessibility attacks), previous attacks based on these permissions failed to completely control the UI feedback loop and thus either rely on vanishing side-channels to time the appearance of overlay UI, cannot respond properly to user input, or make the attacks literally visible. In this work, we demonstrate how combining the capabilities of these permissions leads to complete control of the UI feedback loop and creates devastating and stealthy attacks.

by Chenxiong Qian, Simon Pak Ho Chung, Wenke Lee, & Yanick Fratantonio

Full Abstract & Presentation Materials:

