YoVDO

Cloak and Dagger - From Two Permissions to Complete Control of the UI Feedback Loop

Offered By: IEEE via YouTube

Tags

Android Security Courses
Privacy Courses
Mobile Security Courses
Credential Theft Courses

Course Description

Overview

Explore a critical security vulnerability in Android's permission system presented at the 2017 IEEE Symposium on Security & Privacy. Delve into how the SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE permissions can be exploited to gain complete control of the UI feedback loop, enabling devastating attacks such as credential theft and silent installation of malicious apps. Learn about the design shortcomings in Android that make these attacks possible, their effectiveness in fooling users, and the challenges in addressing these vulnerabilities. Discover a proposed defense mechanism to protect Android users and developers from these threats. Gain insights into the importance of understanding permission capabilities and the potential consequences of underestimating seemingly innocuous permissions.

Syllabus

Intro
Permissions
Why Permissions
Clean Check Attacks
Invisible Grid Attack
The Problem
Phishing Attack
Dronetop
How to fix it
Conclusion
Questions


Taught by

IEEE Symposium on Security and Privacy
