TY - GEN
T1 - Attacks on Android clipboard
AU - Zhang, Xiao
AU - Du, Wenliang
PY - 2014
Y1 - 2014
N2 - In this paper, we perform a thorough study on the risks imposed by the globally accessible Android Clipboard. Based on the risk assessment, we formulate a series of attacks and categorize them into two groups, i.e., manipulation and stealing. Clipboard data manipulation may lead to common code injection attacks, like JavaScript injection and command injection. Furthermore, it can also cause phishing attacks, including web phishing and app phishing. Data stealing happens when sensitive data copied into the clipboard is accessed by malicious applications. For each category of attack, we analyze a large number of candidate apps and show multiple case studies to demonstrate its feasibility. Also, our app analysis process is formulated to benefit future app development and vulnerability detection. After a comprehensive exposure of the risk, we briefly discuss some potential solutions.
UR - http://www.scopus.com/inward/record.url?scp=84904105959&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84904105959&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-08509-8_5
DO - 10.1007/978-3-319-08509-8_5
M3 - Conference contribution
AN - SCOPUS:84904105959
SN - 9783319085081
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 72
EP - 91
BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 11th International Conference, DIMVA 2014, Proceedings
PB - Springer Verlag
T2 - 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2014
Y2 - 10 July 2014 through 11 July 2014
ER -