Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
5-2016
Abstract
Nowadays, the popular Android is so closely involved in people's daily lives that people rely on Android to perform critical operations and trust Android with sensitive information. It is of great importance to guarantee the usability and security of Android which, however, is such a huge system that a potential threat may arise from any part of it. In this paper, we focus on the Free Floating window (FF window) which is a category of windows that can appear freely above any other applications. It can share the screen space with other FF windows, dialogs, and activities. An FF window is flexible in both its appearance and behaviour features. We analyse the behaviour features of FF windows, including the priority in display layer and the capability of processing user-generated events. Three types of attacks via FF windows with delicate design in their appearance and behaviour features are demonstrated, i.e., DoS attack against Android system, GUI hijacking by targeting overlap, and input inference using FF windows as a side channel. To address the threat caused by FF windows, we design a priority framework for FF windows, which protects a sensitive activity/FF window declared by developers from being attacked by any malicious FF windows. A complementary solution is proposed to mitigate the confusion attack from malicious activities. Finally, we provide Android with suggestions on how to manage FF windows.
Keywords
Android; DoS attack; Free floating window; GUI hijacking; Input inference
Discipline
Technology and Innovation
Publication
ASIA CCS'16: Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China, 2016, May 30-June 3
First Page
759
Last Page
770
ISBN
9781450342339
Identifier
10.1145/2897845.2897897
Publisher
Association for Computing Machinery, Inc
City or Country
Xi'an, China
Citation
YING, Lingyun; CHENG, Yao; LU, Yemian; GU, Yacong; SU, Purui; and FENG, Dengguo. Attacks and defence on android free floating windows. (2016). ASIA CCS'16: Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China, 2016, May 30-June 3. 759-770.
Available at: https://ink.library.smu.edu.sg/sis_research/3722
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
http://worldcat.org/isbn/9781450342339