What the App is That? Deception and Countermeasures in the Android User Interface

Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
2015 2015 IEEE Symposium on Security and Privacy  
These users identify the currently focused app solely by its visual appearance, since the GUIs of the most popular mobile OSes do not show any trusted indication of the app origin.  ...  Mobile applications are part of the everyday lives of billions of people, who often trust them with sensitive information.  ...  ACKNOWLEDGMENTS We would like to thank all the participants in our user study that provided useful and detailed feedback.  ... 
doi:10.1109/sp.2015.62 dblp:conf/sp/BianchiCIFKV15 fatcat:f7jwqr3moracponxootdbjkbwe

Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception

Luka Malisa, Kari Kostiainen, Srdjan Capkun
2017 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy - CODASPY '17  
If such an attack is successful, the integrity of what the user sees as well as the confidentiality of what she inputs into the system can be violated by the adversary.  ...  A common example of mobile application spoofing is a phishing attack where the adversary tricks the user into revealing her password to a malicious application that resembles the legitimate one.  ...  To find which activity represents the login screen, we developed a tool in the form of a modified Android runtime environment that is executed inside an emulator and that hooks activity and user interface  ... 
doi:10.1145/3029806.3029819 dblp:conf/codaspy/MalisaKC17 fatcat:lradysiosjcltaqdl77fzry7ce

Knock-Knock: The Unbearable Lightness of Android Notifications

Constantinos Patsakis, Efthimios Alepis
2018 Proceedings of the 4th International Conference on Information Systems Security and Privacy  
Android Notifications can be considered as essential parts in Human-Smartphone interaction and inextricable modules of modern mobile applications that can facilitate User Interaction and improve User Experience  ...  More precisely, we present attacks that result either in forging smartphone application notifications to lure the user in disclosing sensitive information, or manipulate Android Notifications to launch  ...  between a user and an application that is not in the foreground.  ... 
doi:10.5220/0006603200520061 dblp:conf/icissp/PatsakisA18 fatcat:2gisbv4wyvf6xcucw2b3h6fopu

Knock-Knock: The unbearable lightness of Android Notifications [article]

Constantinos Patsakis, Efthimios Alepis
2018 arXiv   pre-print
Android Notifications can be considered as essential parts in Human-Smartphone interaction and inextricable modules of modern mobile applications that can facilitate User Interaction and improve User Experience  ...  More precisely, we present attacks that result either in forging smartphone application notifications to lure the user in disclosing sensitive information, or manipulate Android Notifications to launch  ...  Acknowledgments This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the OPERANDO project (Grant Agreement no. 653704) and is based upon work from COST  ... 
arXiv:1801.08225v1 fatcat:bb7jyzpphvbt7m3sqb2dci2yzu

Scan-and-Pay on Android is Dangerous [article]

Enis Ulqinaku and Julinda Stefa and Alessandro Mei
2019 arXiv   pre-print
However, in this work we show that a malicious application can exploit the overlay feature on Android to compromise the integrity of transactions that make use of the scan-and-pay technique.  ...  We implement Malview, a proof-of-concept malicious application that runs in the background on the payee's smartphone and show that it succeeds in redirecting payments to a malicious wallet.  ...  BACKGROUND: OVERLAYS IN ANDROID Smartphones are complex systems and the user interface is composed of different components.  ... 
arXiv:1905.10141v1 fatcat:en52lv7dwvfurppnrw6xhvfmbm

Avoiding the Phishing Bait: The Need for Conventional Countermeasures for Mobile Users

Said Baadel, Fadi Thabtah, Asim Majeed
2018 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON)  
Our paper aims at raising awareness and educating users on phishing in general and mobile phishing in particular from a conventional perspective, unlike existing reviews that are based on data mining and  ...  This will equip individuals with knowledge and skills that may prevent phishing on a wider context within the mobile users' community.  ...  phishing app functions in the background and as the user tries to open a legit application it triggers itself to the foreground and displays the phishing interface. iv) Notification attack -the attacker  ... 
doi:10.1109/iemcon.2018.8615095 fatcat:ozj7f2uhtfg3badq5bhm3libnm

Authenticator Rebinding Attack of the UAF Protocol on Mobile Devices

Hui Li, Xuesong Pan, Xinluo Wang, Haonan Feng, Chengjie Shi
2020 Wireless Communications and Mobile Computing  
In this paper, we implement this attack on the Android platform and evaluate its implementability, where results show that the proposed attack is implementable in the actual system and Android applications  ...  We also discuss the possible countermeasures against the threats posed by Authenticator Rebinding Attack for different stakeholders implementing UAF on the Android platform.  ...  Conflicts of Interest The authors declare that there is no conflict of interest regarding the publication of this paper.  ... 
doi:10.1155/2020/8819790 fatcat:k3dz4opd5ngorfpqzclpgutksm

Trojan of Things: Embedding Malicious NFC Tags into Common Objects [article]

Seita Maruyama, Satohiro Wakabayashi, Tatsuya Mori
2017 arXiv   pre-print
The key idea of ToT attacks is to covertly embed maliciously programmed NFC tags into common objects routinely encountered in daily life such as banknotes, clothing, or furniture, which are not considered  ...  We discuss the feasibility of the attack as well as the possible countermeasures against the threats of ToT attacks.  ...  Yoshimichi Ohki, and Mr. Kazuyuki Ishimoto for sharing the valuable comments on the mechanism of Phantom touch generator. We also thank Mr.  ... 
arXiv:1702.07124v1 fatcat:nrnouzpsnbdsrbtyjcpfbsvm7a

Security Threats to Business Information Systems Using NFC Read/Write Mode

Sergio Rios-Aguilar, Marta Beltrán, González-Crespo Rubén
2021 Computers Materials & Continua  
It is extensively used in business information systems that make use of NFC tags to provide the end-user with augmented information in one of several available NFC data exchange formats, such as plain  ...  This model, based on a well-known methodology, STRIDE, allows developers and users to identify NFC applications vulnerabilities or weaknesses, analyze potential threats, propose risk management strategies  ...  So, the only countermeasure available is updating to Android 10 or later, even though there is a non-negligible base of Android smartphones that will not be able to upgrade due to hardware constraints  ... 
doi:10.32604/cmc.2021.014969 fatcat:pv3yurvdnjfnhb3ae5hg4ynq4u

Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications

Yunhan Jack Jia, Qi Alfred Chen, Yikai Lin, Chao Kong, Z. Morley Mao
2017 2017 IEEE European Symposium on Security and Privacy (EuroS&P)  
In our subsequent vulnerability analysis, we find that nearly half of the usage is unprotected and can be directly exploited remotely.  ...  We manually confirmed the vulnerabilities for 57 applications, including popular ones with 10 to 50 million downloads on the official market, and also an app that is pre-installed on some device models  ...  From the vulnerability analysis performed, we find that such usage is generally unprotected.  ... 
doi:10.1109/eurosp.2017.44 dblp:conf/eurosp/JiaCLKM17 fatcat:hgqhz3f6nveufgr6s7swax67lm

Survey about Mobile Secured Accessibility Control System using Android

Dr. S. Hemalatha
2019 International Journal for Research in Applied Science and Engineering Technology  
In the procedure, we convey android based application to screen and confirm the consent of the Android application use in our cell phones.  ...  Despite the fact that the first applications may not be the malevolent, a deliberate static examination strategy to discover advertisement libraries insert in applications and dynamic investigation technique  ...  Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna ,"What the App is That? Deception and Countermeasures in the Android User Interface".  ... 
doi:10.22214/ijraset.2019.3358 fatcat:xfkh5fqcwvdvpgj2eatgdttyau

Your WAP Is at Risk: A Vulnerability Analysis on Wireless Access Point Web-Based Management Interfaces

Efstratios Chatzoglou, Georgios Kambourakis, Constantinos Kolias, Konstantinos Rantos
2022 Security and Communication Networks  
To our knowledge, this work contributes the first wholemeal appraisal of the security level of this kind of Web-based interfaces that go hand in glove with the myriads of WAPs out there, and it is therefore  ...  On top of everything else, we identify the already applied hardening measures by these devices and elaborate on extra countermeasures that are required to tackle the identified weaknesses.  ...  Acknowledgments The authors would like to thank the CERT/CC for their assistance in informing the affected vendors.  ... 
doi:10.1155/2022/1833062 fatcat:ornxy7r3rrbtrewj6yjywayyk4

Study of challenges faced by Enterprises using Security Information and Event Management (SIEM)

Mukesh Yadav, Department of Computer Engineering SVKM's NMIMS Deemed to be University, Mukesh Patel School Of Technology Management & Engineering, Mumbai, India., Dhirendra S Mishra, Department of Computer Engineering SVKM's NMIMS Deemed to be University, Mukesh Patel School Of Technology Management & Engineering, Mumbai, India.
2021 Journal of University of Shanghai for Science and Technology  
In this paper, a survey is carried out to determine the gap in current security providers and areas that need attention. We take logs as input and send them to SIEM for analysis.  ...  Whether a SIEM is capable enough to determine the unknown threats and user behavior to identify insider threats.  ...  ACKNOWLEDGEMENTS I am using this opportunity to express my gratitude to thank all the people who contributed in some way to the work described in this paper.  ... 
doi:10.51201/jusst/21/08422 fatcat:eeqy56iga5dbfp2l3uo43zvy5q

Artificial Intelligence and Market Manipulations: Ex-ante Evaluation in the Regulator's Arsenal

Nathalie de Marcellis-Warin, Frédéric M. Marty, Eva Thelisson, Thierry Warin
2020 Social Science Research Network  
The purpose of the Working Papers is to disseminate the results of research conducted by CIRANO research members in order to solicit exchanges and comments.  ...  These reports are written in the style of scientific publications. The ideas and opinions expressed in these documents are solely those of the authors.  ...  Android apps, Google denies downloaded apps the permissions necessary to be seamlessly updated in the background-instead allows such updates only for apps downloaded via Google Play Store.  ... 
doi:10.2139/ssrn.3744497 fatcat:yeesrvszcrcdtiwu6mmgpe5lci

A Review on Android Malware: Attacks, Countermeasures and Challenges Ahead

ShymalaGowri Selvaganapathy, Sudha Sadasivam, Vinayakumar Ravi
2021 Journal of Cyber Security and Mobility  
This survey converges on Android malware and covers a walkthrough of the various obfuscation attacks deployed during malware analysis phase along with the myriad of adversarial attacks operated at malware  ...  Smartphones usage have become ubiquitous in modern life serving as a double-edged sword with opportunities and challenges in it.  ...  Service components execute in the background without user interaction. Activity components furnish user interfaces. Exchange of data across applications is facilitated by using Content Providers.  ... 
doi:10.13052/jcsm2245-1439.1017 fatcat:mtxfys7pwvb7dastdlyu2s2tzq