TY - GEN
T1 - Analysis of clickjacking attacks and an effective defense scheme for Android devices
AU - Wu, Longfei
AU - Brandt, Benjamin
AU - Du, Xiaojiang
AU - Ji, Bo
N1 - Publisher Copyright: © 2016 IEEE.
PY - 2017/2/21
Y1 - 2017/2/21
N2 - Smartphones bring users a lot of convenience by integrating all the useful functions people may need. While users are spending more time on their phones, have they ever questioned whether they are being spoofed by the phone they are interacting with? This paper conducts a thorough study of mobile clickjacking attacks. We first present how the clickjacking attack works and the key points for it to remain undiscovered. Then, we evaluate its potential threats by exploring the feasibility of launching clickjacking attacks on various UIs, including system app windows, 3rd-party app windows, and other system UIs. Finally, we propose a system-level defense scheme against clickjacking attacks on the Android platform, which requires no user or developer effort and is compatible with existing apps. The performance of the countermeasure is evaluated with extensive experiments. The results show that our scheme can effectively prevent clickjacking attacks with only a minor impact on the system.
KW - Android
KW - clickjacking
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85016064976&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85016064976&partnerID=8YFLogxK
U2 - 10.1109/CNS.2016.7860470
DO - 10.1109/CNS.2016.7860470
M3 - Conference contribution
AN - SCOPUS:85016064976
T3 - 2016 IEEE Conference on Communications and Network Security, CNS 2016
SP - 55
EP - 63
BT - 2016 IEEE Conference on Communications and Network Security, CNS 2016
T2 - 2016 IEEE Conference on Communications and Network Security, CNS 2016
Y2 - 17 October 2016 through 19 October 2016
ER -