TY - GEN
T1 - Code injection attacks on HTML5-based mobile apps
T2 - 21st ACM Conference on Computer and Communications Security, CCS 2014
AU - Jin, Xing
AU - Hu, Xunchao
AU - Ying, Kailiang
AU - Du, Wenliang
AU - Yin, Heng
AU - Peri, Gautam Nagesh
PY - 2014/11/3
Y1 - 2014/11/3
N2 - Due to the portability advantage, HTML5-based mobile apps are getting more and more popular. Unfortunately, the web technology used by HTML5-based mobile apps has a dangerous feature, which allows data and code to be mixed together, making code injection attacks possible. In this paper, we have conducted a systematic study on this risk in HTML5-based mobile apps. We found a new form of code injection attack, which inherits the fundamental cause of the Cross-Site Scripting (XSS) attack, but it uses many more channels to inject code than XSS. These channels, unique to mobile devices, include Contact, SMS, Barcode, MP3, etc. To assess the prevalence of the code injection vulnerability in HTML5-based mobile apps, we have developed a vulnerability detection tool to analyze 15,510 PhoneGap apps collected from Google Play. 478 apps are flagged as vulnerable, with only a 2.30% false-positive rate. We have also implemented a prototype called NoInjection as a patch to PhoneGap in Android to defend against the attack.
KW - Code injection
KW - HTML5-based mobile application
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=84910601223&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84910601223&partnerID=8YFLogxK
U2 - 10.1145/2660267.2660275
DO - 10.1145/2660267.2660275
M3 - Conference contribution
AN - SCOPUS:84910601223
SN - 9781450329576
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 66
EP - 77
BT - Proceedings of the ACM Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 3 November 2014 through 7 November 2014
ER -