Attacks on Android clipboard

Xiao Zhang, Wenliang Du

Research output: Chapter in Book/Entry/PoemConference contribution

14 Scopus citations

Abstract

In this paper, we perform a thorough study on the risks imposed by the globally accessible Android Clipboard. Based on the risk assessment, we formulate a series of attacks and categorize them into two groups, i.e., manipulation and stealing. Clipboard data manipulation may lead to common code injection attacks, like JavaScript injection and command injection. Furthermore, it can also cause phishing attacks, including web phishing and app phishing. Data stealing happens when sensitive data copied into the clipboard is accessed by malicious applications. For each category of attack, we analyze a large number of candidate apps and show multiple case studies to demonstrate its feasibility. Also, our app analysis process is formulated to benefit future app development and vulnerability detection. After a comprehensive exposure of the risk, we briefly discuss some potential solutions.

Original languageEnglish (US)
Title of host publicationDetection of Intrusions and Malware, and Vulnerability Assessment - 11th International Conference, DIMVA 2014, Proceedings
PublisherSpringer Verlag
Pages72-91
Number of pages20
ISBN (Print)9783319085081
DOIs
StatePublished - 2014
Event11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2014 - Egham, United Kingdom
Duration: Jul 10 2014Jul 11 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8550 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2014
Country/TerritoryUnited Kingdom
CityEgham
Period7/10/147/11/14

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Attacks on Android clipboard'. Together they form a unique fingerprint.

Cite this