UI Redressing Attacks on Android Devices Revisited

Presented at Black Hat Asia 2014, Unknown date/time (Unknown duration).

In this presentation, we describe high-impact user interface attacks on Android-based mobile devices, additionally focusing on showcasing the possible mitigation techniques for such attacks. We discuss which UI redressing attacks can be transferred from the desktop- to the mobile-browser field. Our main contribution is a demonstration of a browser less tap-jacking attack, which greatly enriches the impact of previous work on this matter. With this technique, we can perform unauthorized home screen navigation and attempt actions like (premium number) phone calls without having been granted appropriate privileges. We will show, with an 0day, how an attacker can install applications in the background though it should be fixed by Google in Android v4.


Presenters:

  • Marcus Niemietz - Ruhr-University Bochum
    Marcus Niemietz is a professional security researcher at the Ruhr-University Bochum in Germany. He is focusing on web security related stuff like HTML5 and especially UI redressing. Marcus has published a book about UI redressing and clickjacking for security experts and web developers in 2012. Beside that he works as a security consultancy and gives security trainings for well-known companies. Marcus has spoken on a large variety of international conferences.

Links:

Similar Presentations: