Cloak and Dagger - From Two Permissions to Complete Control of the UI Feedback Loop
Offered By: IEEE via YouTube
Course Description
Overview
Explore a critical security vulnerability in Android's permission system presented at the 2017 IEEE Symposium on Security & Privacy. Delve into how the SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE permissions can be exploited to gain complete control of the UI feedback loop, enabling devastating attacks such as credential theft and silent installation of malicious apps. Learn about the design shortcomings in Android that make these attacks possible, their effectiveness in fooling users, and the challenges in addressing these vulnerabilities. Discover a proposed defense mechanism to protect Android users and developers from these threats. Gain insights into the importance of understanding permission capabilities and the potential consequences of underestimating seemingly innocuous permissions.
Syllabus
Intro
Permissions
Why Permissions
Clean Check Attacks
Invisible Grid Attack
The Problem
Phishing Attack
Dronetop
How to fix it
Conclusion
Questions
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
NeuroethicsUniversity of Pennsylvania via Coursera Fundamentals of Online Education: Planning and Application
Georgia Institute of Technology via Coursera Understanding Media by Understanding Google
Northwestern University via Coursera Wiretaps to Big Data: Privacy and Surveillance in the Age of Interconnection
Cornell University via edX Internet, les autres et moi
Certificat informatique et internet via France Université Numerique