Author: Andrea Possemato, Dario Nisi, Yanick Fratantonio
Network and Distributed Systems Security (NDSS) Symposium 2021
Phishing attacks: problematic for mobile platforms, because these platforms do not give the user enough information to reliably distinguish a legitimate app from a malicious app that spoofs the legitimate app's UI.
Proper timing is the key factor for the attacker:
What is proper timing: the user is more prone to provide sensitive data (such as her passwords) when she expects to interact with the target app.
How malware determines the right timing: by mounting state inference attacks.
What is a state inference attack: a malicious app "polls" vulnerable APIs, infers from their responses when the target app is about to be used by the user, and makes the spoofed UI appear on top of the screen at exactly that moment.
Contributions of the paper:
- the design and implementation of a new vulnerability detection system that specifically aims at identifying new vulnerabilities (leaky resources and APIs) usable to mount state inference attacks
- a new on-device analysis system able to detect attempts to exploit vulnerable resources and APIs
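The defining behaviour of a state inference attack, as described above, is that the malicious app polls a leaky resource at high frequency so it can react the instant the target app is launched. The sketch below is an added illustration of what an on-device detector can key on; it is not the paper's system. It assumes a simplified access trace of (timestamp, app, resource) tuples and counts, per app and resource, the peak number of accesses inside a sliding one-second window, flagging anything above a threshold. Resource names, package names and the threshold are constructed placeholders.

```python
from collections import defaultdict, deque
from typing import Dict, List, Tuple

Event = Tuple[int, str, str]  # (timestamp_ms, app_package, resource_name)


def build_sample_trace() -> List[Event]:
    """Constructed sample trace (not real data).

    A benign app touches 'resource_A' five times over ten seconds,
    while a polling app touches the same resource every 50 ms for
    three seconds, i.e. the access pattern a state inference attack
    relies on.
    """
    trace: List[Event] = []
    for i in range(5):
        trace.append((i * 2000, "com.example.benign", "resource_A"))
    for i in range(60):
        trace.append((i * 50, "com.example.poller", "resource_A"))
    trace.sort()
    return trace


def peak_rates(trace: List[Event], window_ms: int = 1000) -> Dict[Tuple[str, str], int]:
    """Peak number of accesses per (app, resource) in any sliding window.

    For every (app, resource) pair we keep a deque of timestamps that fall
    inside the current window; the deque length after each insertion is
    the instantaneous access rate, and we remember the maximum seen.
    """
    windows: Dict[Tuple[str, str], deque] = defaultdict(deque)
    peaks: Dict[Tuple[str, str], int] = defaultdict(int)
    for ts, app, resource in sorted(trace):
        key = (app, resource)
        q = windows[key]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] >= window_ms:
            q.popleft()
        peaks[key] = max(peaks[key], len(q))
    return dict(peaks)


def flag_pollers(trace: List[Event], window_ms: int = 1000,
                 threshold: int = 10) -> List[Tuple[str, str]]:
    """Return the (app, resource) pairs whose peak rate reaches the threshold.

    The threshold is an assumed placeholder; a deployed detector would
    calibrate it per resource against benign usage.
    """
    peaks = peak_rates(trace, window_ms)
    return sorted(key for key, n in peaks.items() if n >= threshold)


if __name__ == "__main__":
    sample = build_sample_trace()
    for key, n in sorted(peak_rates(sample).items()):
        print(f"{key[0]} -> {key[1]}: peak {n} accesses / 1 s")
    print("flagged:", flag_pollers(sample))
```

A rate-based check like this only sees the polling side of the attack; the paper's on-device system is aimed at the resources and APIs found leaky by its vulnerability detection component, so the set of resources to monitor would come from that analysis rather than being hard-coded.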