a view to a kill
play

A View To A Kill ! WebView Exploitation ! Ma#hias'Neugschwandtner' - PowerPoint PPT Presentation

Mar 16, 2024 •118 likes •257 views

A View To A Kill ! WebView Exploitation ! Ma#hias'Neugschwandtner' Mar2na'Lindorfer' Chris2an'Platzer' ' Interna2onal'Secure'Systems'Lab' Vienna'University'of'Technology' Web - Views ! Consumption of web content shifts to mobile devices

  1. A View To A Kill ! WebView Exploitation ! Ma#hias'Neugschwandtner' Mar2na'Lindorfer' Chris2an'Platzer' ' Interna2onal'Secure'Systems'Lab' Vienna'University'of'Technology'

  2. Web - Views ! • Consumption of web content shifts to mobile devices ! • Typically not through browser but standalone app ! Usenix LEET 2013 ! 2' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  3. WebView Library ! • Browser library for mobile devices ! • Available on all popular Smartphone OS ! • Allows quick development of web-based apps ! – HTML, JavaScript, CSS ! – Also targeted at inexperienced developers ! – Third party frameworks (Apache Cordova) require no native code at all ! – Updates just require change of web content ! Usenix LEET 2013 ! 3' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  4. WebView vs. Browser ! • Provides access to device functionality via JavaScript ! – Hardware buttons ! – Persistent storage ! – Contacts ! – SMS ! – Location ! – … ! • Allows development of more streamlined and capable apps ! • No containment of web content (sandbox) ! Usenix LEET 2013 ! 4' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  5. Threat Scenario " Server Compromise ! Victim Webserver 2 GET foo.html </> 3 4 1 Data Leak Malicious Script Attacker Usenix LEET 2013 ! 5' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  6. Threat Scenario " Traffic Compromise ! Victim Webserver 1 GET foo.html </> 3 2 4 Data Leak Attacker Usenix LEET 2013 ! 6' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  7. Threat Scenario Comparison ! Server%Compromise% Traffic%Compromise% A1ack%leverage% Large'(all'installa2ons'of'a' Smaller'(depends'on'number' single'app'are'affected)' and'loca2on'of'rogue'AP)' Encryp8on% Server'takes'care'of'encryp2on' Only'possible'with'apps'that'use' plain'text'or'don’t'handle' encryp2on'properly' Feasibility% Server'dependent' Traffic'dependent' Usenix LEET 2013 ! 7' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  8. Case Study " “Take Weather” ! • Social weather-photo sharing app ! • Available for iOS and Android ! – 10,000-50,000 installs on Android ! • Uses plain HTTP ! • Based on Cordova ! – Cross-platform access to contacts, call log, location (GPS) ! – Android: full access to Java ! Usenix LEET 2013 ! 8' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  9. WebView on Android ! • Provides JavaScript-Java bridge ! – Expose complete Java objects via " WebView.setJavascriptEnabled() 
 WebView.addJavascriptInterface 
 (<object>, <js_object_name>) " – Use reflection to create objects & invoke methods ! • Requires signed certificate for HTTPS ! Usenix LEET 2013 ! 9' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  10. Case Study " “Jiepang” ! • Chinese “Foursquare” – location based social app ! • 100,000-500,000 installs ! • Permissions to ! – access external storage ! – install packages ! • Uses HTTPS, but ! – overwrites default SSL error handler ! – accepts any certificate ! Usenix LEET 2013 ! 10' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  11. Large Scale Evaluation " WebView Prevalence ! • 287,512 Android apps submitted to Andrubis ! • July 2012 to March 2013 ! • WebView usage: ! WebView%related%method%call% Samples% Percentage% loadURL' 166,751'' 55%' setJavaScriptEnabled' 158,042' 58%' addJavaScriptInterface' 87,079% 30%% Usenix LEET 2013 ! 11' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  12. Large Scale Evaluation " Traffic Attack Leverage ! Traffic%Type% Samples% Percentage%of%JSKenabled%samples% Unencrypted''HTML''or'JavaScript' 23,048'' 27%' Lax'SSL'handling' 6,208' 7%' Permissions% Samples% Percentage%of%vulnerable%samples% SMS'(receive,'read,'write,'send)' 3,124' 11%' Installa2on'(write,'install)' 16,726' 60%' Privacy'(contacts,'loca2on)' 21,197' 76%' Usenix LEET 2013 ! 12' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

  13. Mitigation & Conclusion ! • Use of HTTPS and correct certificate handling ! – Signed certificates ! – Certificate pinning ! – WebView targeted at inexperienced developers ! • Android 4.2 introduced @JavascriptInterface annotation ! – Will take time until 4.2 is run by a majority of the devices ! – New annotation only prevents reflection attacks ! – Intended functionality is still available ! Usenix LEET 2013 ! 13' 6th Usenix Workshop on Large-Scale Exploits and Emergent Threats !

Recommend

PD Targets for Various Infection Types: Stasis vs. 1-Log Kill vs. 2 Log Kill G.L. Drusano, M.D.

PD Targets for Various Infection Types: Stasis vs. 1-Log Kill vs. 2 Log Kill G.L. Drusano, M.D.

PD Targets for Various Infection Types: Stasis vs. 1-Log Kill vs. 2 Log Kill G.L. Drusano, M.D. Professor and Director Institute for Therapeutic Innovation University of Florida PD Targets Nosocomial Pneumonia To have insight into

238 views • 22 slides
You never really understand a person until you consider things from his point of view . . .

You never really understand a person until you consider things from his point of view . . .

You never really understand a person until you consider things from his point of view . . . until you climb into his skin and walk around in it. _ Atticus Finch from To Kill A Mockingbird by Harper Lee Newark High School English

418 views • 5 slides
TSUNAMIS TSUNAMIS WHAT ARE THEY? WHAT ARE THEY? and and WHY DO THEY KILL SO WHY DO

TSUNAMIS TSUNAMIS WHAT ARE THEY? WHAT ARE THEY? and and WHY DO THEY KILL SO WHY DO

TSUNAMIS TSUNAMIS WHAT ARE THEY? WHAT ARE THEY? and and WHY DO THEY KILL SO WHY DO THEY KILL SO MANY PEOPLE? MANY PEOPLE? J. David Rogers J. David Rogers Department of Geological Sciences &amp; Engineering University of

589 views • 39 slides
WHAT DISINFECTANTS MOST EFFECTIVELY KILL BACTERIA? Bio Club 10/21/15 HOW DO DISINFECTANTS/

WHAT DISINFECTANTS MOST EFFECTIVELY KILL BACTERIA? Bio Club 10/21/15 HOW DO DISINFECTANTS/

WHAT DISINFECTANTS MOST EFFECTIVELY KILL BACTERIA? Bio Club 10/21/15 HOW DO DISINFECTANTS/ ANTISEPTICS WORK? Disinfectants are used on surfaces, antiseptics are used on living tissues (humans) Bactericidal: kill bacteria Bacteriostatic: stop

132 views • 12 slides
The next 1 0 years A regulatory view Presented by: Jordi Llinares Head of Orphan Medicines An

The next 1 0 years A regulatory view Presented by: Jordi Llinares Head of Orphan Medicines An

The next 1 0 years A regulatory view Presented by: Jordi Llinares Head of Orphan Medicines An agency of the European Union Some headlines I hope I never see (and I am not playing with fear politics) EU bureaucrats kill patients hope

197 views • 9 slides
The great unhinging The erosion of rule of law in the Philippines ANU Philippines Project August

The great unhinging The erosion of rule of law in the Philippines ANU Philippines Project August

The great unhinging The erosion of rule of law in the Philippines ANU Philippines Project August 23, 2018 Three pillars of dutertes strongman rule Rule of law is fast eroding I Kill, kill, kill: War on drugs II No to dissent and use of

456 views • 26 slides
The Plot to Kill Jesus (Wednesday-Thursday) The Plot to Kill Jesus (Wednesday-Thursday) We

The Plot to Kill Jesus (Wednesday-Thursday) The Plot to Kill Jesus (Wednesday-Thursday) We

The Plot to Kill Jesus (Wednesday-Thursday) The Plot to Kill Jesus (Wednesday-Thursday) We are not certain what Jesus did on this day. Maybe He spent the day teaching in the temple? Maybe He spent the day making preparations for the

269 views • 16 slides
Wanted Bacteria: Dead or Dead The development of a kill switch that activates upon a cell escaping

Wanted Bacteria: Dead or Dead The development of a kill switch that activates upon a cell escaping

Wanted Bacteria: Dead or Dead The development of a kill switch that activates upon a cell escaping from the laboratory setting into the surrounding environment The Public Fear of Genetically Modified Organisms Development of a Kill Switch

383 views • 27 slides
kill Run default signal handler! Process Process A B kill signal(SIGINT, func) Process

kill Run default signal handler! Process Process A B kill signal(SIGINT, func) Process

Process Process A B kill Run default signal handler! Process Process A B kill signal(SIGINT, func) Process Process A B signal(SIGINT, func) Process Process A B kill Run fun signal handler! Terminate process Generate Core

506 views • 23 slides
Become a Progressive No Kill Community without Breaking the Bank Presented by:

Become a Progressive No Kill Community without Breaking the Bank Presented by:

Become a Progressive No Kill Community without Breaking the Bank Presented by: Hillsborough County Pet Resources &amp; The Humane Society of Tampa Bay Sponsored by: Best Friends Animal Society, Inc. Paradigm Shift in Public Sheltering

454 views • 16 slides
The Cyber Kill Chain The Students of Network Security Why Do We Need It? Since the start of

The Cyber Kill Chain The Students of Network Security Why Do We Need It? Since the start of

The Cyber Kill Chain The Students of Network Security Why Do We Need It? Since the start of the internet age, vulnerabilities have been exploited by ill-meaning users. Important data in military and commercial applications were commonly

1.14k views • 34 slides
COMMUNICATION OR THE KILL SWITCH PROBLEM Deb Housen-Couriel, Adv. The government of

COMMUNICATION OR THE KILL SWITCH PROBLEM Deb Housen-Couriel, Adv. The government of

BLOCKING OF CYBER-ENABLED COMMUNICATIONS BY STATES: RAMIFICATIONS FOR THE FREEDOM OF COMMUNICATION OR THE KILL SWITCH PROBLEM Deb Housen-Couriel, Adv. The government of Ethiopia has demonstrated its ability and willingness to

569 views • 27 slides
Cybercrime Kill Chain vs. Effec4veness of Defense Layers

Cybercrime Kill Chain vs. Effec4veness of Defense Layers

Cybercrime Kill Chain vs. Effec4veness of Defense Layers Dr. Stefan Frei &amp; Francisco Arts @stefan_frei @franklyfranc

787 views • 60 slides
Aspect Ratio Test Slide A 2.0 IS NOT GOING TO KILL YOU BUT IT WILL TRY by Jan Lehnardt at

Aspect Ratio Test Slide A 2.0 IS NOT GOING TO KILL YOU BUT IT WILL TRY by Jan Lehnardt at

Aspect Ratio Test Slide A 2.0 IS NOT GOING TO KILL YOU BUT IT WILL TRY by Jan Lehnardt at ApacheCon EU 2016 in Sevilla Hi, my name is Jan Lehnardt, Im a developer and business person from Berlin, Germany JAN LEHNARDT CouchDB since 2006

1.32k views • 119 slides
1 A SMALL STILL VOICE 2 James 4:2-3 Ye lust, and have not: ye kill, and desire to have, and

1 A SMALL STILL VOICE 2 James 4:2-3 Ye lust, and have not: ye kill, and desire to have, and

1 A SMALL STILL VOICE 2 James 4:2-3 Ye lust, and have not: ye kill, and desire to have, and cannot obtain: ye fight and war, yet ye have not, because ye ask not. Ye ask, and receive not, because ye ask amiss, that ye may consume it upon your

675 views • 28 slides
You can view your nodes* *And you can view your friends, but you cant view your friends

You can view your nodes* *And you can view your friends, but you cant view your friends

You can view your nodes* *And you can view your friends, but you cant view your friends nodes.** ** Well, yeah, you can, but you need more modules. Important note! This is a beginners intro to building Views. If you are already

955 views • 67 slides
He says hell kill the dog if I leave Family violence, pets and vets : An Australian

He says hell kill the dog if I leave Family violence, pets and vets : An Australian

He says hell kill the dog if I leave Family violence, pets and vets : An Australian study Dr Lydia Tong Taronga Conservation Society Australia University of Sydney An introduction Commenwealth Mongrel Vet by training worked in

491 views • 14 slides
SPEAKUP365: Speaker Qualification Sample Presentation Script He was going to kill his parents.

SPEAKUP365: Speaker Qualification Sample Presentation Script He was going to kill his parents.

SPEAKUP365: Speaker Qualification Sample Presentation Script He was going to kill his parents. But then God intervened through a copy of His Word. Heres how it happened. Britt grew up in a large Baptist church in Brownwood, Texas. He and his

316 views • 4 slides
Watershed Detectives: The Fish Kill Mystery It is the summer of 1979 and you are staying with

Watershed Detectives: The Fish Kill Mystery It is the summer of 1979 and you are staying with

Watershed Detectives: The Fish Kill Mystery It is the summer of 1979 and you are staying with your grandmother who lives near Mabel Davis Park in southeast Austin. It has been raining all week and you are glad to finally get out to the

393 views • 5 slides
EXECUTING A DOE: A FEW WAYS TO KILL AN EXPERIMENT Emily Nichols March 8, 2013 Why Should You

EXECUTING A DOE: A FEW WAYS TO KILL AN EXPERIMENT Emily Nichols March 8, 2013 Why Should You

EXECUTING A DOE: A FEW WAYS TO KILL AN EXPERIMENT Emily Nichols March 8, 2013 Why Should You Care About DOEs? An academic reason Better than COST approach 4 other compelling reasons Directly applicable to your career Can

1.04k views • 14 slides
IGES view on new market IGES view on new market- IGES view on new market IGES view on new market

IGES view on new market IGES view on new market- IGES view on new market IGES view on new market

Institute for Global Environmental Strategies Towards sustainable development - policy oriented, practical and strategic research on global environmental issues IGES view on new market IGES view on new market- IGES view on new market IGES view

164 views • 4 slides
Tuberculosis ; TB Infection Risk in Confined Space is one of the 14 countries Thailand with

Tuberculosis ; TB Infection Risk in Confined Space is one of the 14 countries Thailand with

Tuberculosis ; TB Infection Risk in Confined Space is one of the 14 countries Thailand with the highest TB burden Traditional HEPA air filter Limitations: CANNOT Kill TB Trap &amp; Kill TB and Other bacteria and Others Nonreusable

334 views • 12 slides
View Volumes Canonical View Volumes Why Canonical View Volumes? University of British Columbia

View Volumes Canonical View Volumes Why Canonical View Volumes? University of British Columbia

View Volumes Canonical View Volumes Why Canonical View Volumes? University of British Columbia CPSC 314 Computer Graphics Jan-Apr 2016 standardized viewing volume representation specifies field-of-view, used for clipping permits

52 views • 3 slides
How do we get it? How does it kill us? Two distinct cancer research themes: 1. tumor onset (how

How do we get it? How does it kill us? Two distinct cancer research themes: 1. tumor onset (how

What is Cancer? How do we get it? How does it kill us? Two distinct cancer research themes: 1. tumor onset (how does it all start? Is it really just a question of bad luck?) 2. metastasis and phenotypic plasticity (what has personalized

715 views • 55 slides

More recommend