Analysis of clickjacking attacks and an effective defense scheme for Android devices

Longfei Wu, Benjamin Brandt, Xiaojiang Du, Bo Ji

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

21 Scopus citations

Abstract

Smartphones bring users lots of convenience by integrating all useful functions people may need. While users are spending more time on their phones, have they ever questioned of being spoofed by the phone they are interacting with? This paper conducts a thorough study of the mobile clickjacking attacks. We first present how the clickjacking attack works and the key points to remain undiscovered. Then, we evaluate its potential threats by exploring the feasibility of launching clickjacking attacks on various UIs, including system app windows, 3rd-party app windows, and other system UIs. Finally, we propose a system-level defense scheme against clickjacking attacks on Android platform, which requires no user or developer effort and is compatible with existing apps. The performance of the countermeasure is evaluated with extensive experiments. The results show that our scheme can effectively prevent clickjacking attacks with only a minor impact to the system.

Original languageEnglish
Title of host publication2016 IEEE Conference on Communications and Network Security, CNS 2016
Pages55-63
Number of pages9
ISBN (Electronic)9781509030651
DOIs
StatePublished - 21 Feb 2017
Event2016 IEEE Conference on Communications and Network Security, CNS 2016 - Philadelphia, United States
Duration: 17 Oct 201619 Oct 2016

Publication series

Name2016 IEEE Conference on Communications and Network Security, CNS 2016

Conference

Conference2016 IEEE Conference on Communications and Network Security, CNS 2016
Country/TerritoryUnited States
CityPhiladelphia
Period17/10/1619/10/16

Keywords

  • Android
  • clickjacking
  • security

Fingerprint

Dive into the research topics of 'Analysis of clickjacking attacks and an effective defense scheme for Android devices'. Together they form a unique fingerprint.

Cite this