A New Era of One-Click Attacks: How to Break Install-Less Apps

Presented at Black Hat Asia 2021 Virtual, May 7, 2021, 11:20 a.m. (40 minutes).

<p>Apps are becoming larger, cumbersome, and resource-consuming. Vendors want to reduce the whole process for users to reach the target page of content and get the work done with just a few clicks. Install-Less apps are considered a new choice that runs without requiring installation but has a similar user experience to native apps.<br><br>There are different kinds of implementations for Install-Less apps, like hosting on native app engines, running based on webview, or componentizing the native app, but they all have similar attack surfaces. We will present some novel attack methods against Install-Less apps and detail multiple vulnerabilities which we found in Apple App Clips, Google PWA, Google Instant App, and QuickApp to achieve the "one-click" attack. We will first share some key observations on Install-Less app structures and give our insights into the entrance of exploit-chain - QRCode/NFC/Web. More importantly, we will take a dive into its core components such as data interchange, privilege control, and storage isolation, etc., and illustrate how we can steal sensitive users' data, code execution, and spoof.<br><br>These critical vulnerabilities and attack vectors affect almost all the devices over the world including android and iOS, consisting of at least 1 billion users.<br><br>Mitigation techniques and tips for developers and users will also be provided before we summarize our presentation to promote the development of the community.</p>

Presenters:

  • Zhiyang Zeng - Senior Security Reseacher, OPPO ZIWU Security Lab
    Zhiyang Zeng (Wester) is a senior security researcher at OPPO ZIWU Security Lab, he specializes in penetration testing, browser security and android security. Zhiyang was also a speaker of POC Korea 2019.
  • Bo Liu - Senior Security Reseacher, OPPO ZIWU Security Lab
    Bo Liu is a senior security researcher at OPPO ZIWU Security Lab. Bo's research focuses on Android security and penetration testing.
  • Yimin Wu - Senior Security Reseacher, OPPO ZIWU Security Lab
    Yimin Wu is a security researcher from OPPO ZIWU Security Lab. Yimin's research focuses on Android security and penetration testing.

Links:

Similar Presentations: