YoVDO

Cloak and Dagger - From Two Permissions to Complete Control of the UI Feedback Loop

Offered By: IEEE via YouTube

Tags

Android Security Courses Privacy Courses Mobile Security Courses Credential Theft Courses

Course Description

Overview

Explore a critical security vulnerability in Android's permission system presented at the 2017 IEEE Symposium on Security & Privacy. Delve into how the SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE permissions can be exploited to gain complete control of the UI feedback loop, enabling devastating attacks such as credential theft and silent installation of malicious apps. Learn about the design shortcomings in Android that make these attacks possible, their effectiveness in fooling users, and the challenges in addressing these vulnerabilities. Discover a proposed defense mechanism to protect Android users and developers from these threats. Gain insights into the importance of understanding permission capabilities and the potential consequences of underestimating seemingly innocuous permissions.

Syllabus

Intro
Permissions
Why Permissions
Clean Check Attacks
Invisible Grid Attack
The Problem
Phishing Attack
Dronetop
How to fix it
Conclusion
Questions


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Enterprise and Infrastructure Security
New York University (NYU) via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Hacking Laboratuvarınızı Oluşturun
Udemy
CISM Cert Prep: 3 Information Security Program Development and Management
LinkedIn Learning
Ethical Hacking: Mobile Devices and Platforms
LinkedIn Learning