Author: Andrea Possemato, Dario Nisi, Yanick Fratantonio

Affiliation: EURECOM

Network and Distributed Systems Security (NDSS) Symposium 2021


Contributor: yzy


Phishing attacks are especially problematic on mobile platforms, because these platforms do not give the user enough information to reliably distinguish a legitimate app from a malicious app that spoofs the legitimate app's UI.

Proper timing is the key factor for the attacker:

  • What proper timing means: the user is more likely to enter sensitive data (such as her passwords) when she already expects to interact with the target app.

  • How malware determines the right timing: by mounting state inference attacks.

  • What a state inference attack is: a malicious app "polls" vulnerable APIs or resources, infers from their values when the user is about to use the target app, and makes the spoofed UI appear on top of the screen at exactly that moment.

  • Contributions of the paper:

    • the design and implementation of a new vulnerability detection system that specifically aims at identifying new vulnerabilities usable to mount state inference attacks
    • a new on-device analysis system able to detect exploitation attempts against vulnerable resources and APIs
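As an added illustration of the second contribution (this is not the paper's own detection system; the app names, resource names, thresholds and the access trace below are constructed assumptions), the following Python sketch shows the behavioural signature an on-device monitor can look for: an app that reads the same resource far more often than any legitimate use needs. It replays a constructed access trace and flags any (app, resource) pair whose number of accesses inside a sliding time window exceeds a threshold, which is what polling a resource to infer another app's state looks like from the defender's side.

```python
from collections import defaultdict, deque

# Constructed sample trace (not real device data): (timestamp_ms, app, resource).
# "benign_app" reads the resource every 2 s; "poller" reads it every 20 ms.
def build_sample_trace():
    trace = []
    for i in range(5):
        trace.append((i * 2000, "benign_app", "resource_A"))
    for i in range(60):
        trace.append((3000 + i * 20, "poller", "resource_A"))
    trace.sort(key=lambda e: e[0])
    return trace


def detect_polling(events, window_ms=1000, max_per_window=10):
    """Sliding-window rate check per (app, resource).

    Returns (flagged, peak):
      flagged: {(app, resource): timestamp_ms of first detection}
      peak:    {(app, resource): highest access count seen in any window}
    window_ms and max_per_window are illustrative tuning knobs, not values
    from the paper.
    """
    windows = defaultdict(deque)   # recent timestamps per (app, resource)
    peak = defaultdict(int)
    flagged = {}
    for t, app, res in events:
        key = (app, res)
        q = windows[key]
        q.append(t)
        # Drop timestamps that fell out of the window.
        while q and t - q[0] > window_ms:
            q.popleft()
        n = len(q)
        if n > peak[key]:
            peak[key] = n
        # Flag the pair the first time its in-window rate crosses the threshold.
        if n > max_per_window and key not in flagged:
            flagged[key] = t
    return flagged, dict(peak)


if __name__ == "__main__":
    flagged, peak = detect_polling(build_sample_trace())
    for (app, res), t in flagged.items():
        print(f"polling suspected: {app} on {res} at t={t} ms "
              f"(peak {peak[(app, res)]} accesses per window)")
```

The sample trace keeps the benign reader at one access per window while the poller reaches 51, so only the poller is flagged; in a real monitor the threshold would be set per resource from observed benign usage, and a burst that consistently precedes foreground-app changes would be a stronger signal than raw rate alone.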