hacking in the blind almost invisible runtime user
play

Hacking in the Blind: (Almost) Invisible Runtime User Interface - PowerPoint PPT Presentation

Feb 10, 2023 •506 likes •726 views

Hacking in the Blind: (Almost) Invisible Runtime User Interface Attacks Luka Malisa , Kari Kostiainen, Thomas Knell, David Sommer, and Srdjan Capkun {firstname.lastname}@inf.ethz.ch knellt@student.ethz.ch User Interfaces Consists of input

  1. Hacking in the Blind: (Almost) Invisible Runtime User Interface Attacks Luka Malisa , Kari Kostiainen, Thomas Knell, David Sommer, and Srdjan Capkun {firstname.lastname}@inf.ethz.ch knellt@student.ethz.ch

  2. User Interfaces • Consists of input and output User Interface Input Computer System Output • Used for daily and critical tasks 2

  3. User Interface Attacks UI Attacks are often possible 1. Brief and non-invasive 2. Bypass security features Input Output App … App Computer System 3

  4. Existing Command Injection Attacks 1. New Keyboard 2. New Mouse • Drawbacks - Registers new peripherals - Installs malware - Assume user not present 4

  5. Limitations • Observations 1. Hardened devices 2. Malware installation not possible 3. Damaging attacks possible only when user is present Can we attack without installing malware? 5

  6. Our Attack 1. Click Blocked 1. Click Blocked 2. Inject Events 2. Inject Events 3. Heart rate = 1000 !!! Heart rate = 100 • Benefits + Does not install new peripherals + Does not install malware + Assume user is present 6

  7. Our Attack !!! 7

  8. Attack Demonstration 8

  9. Attack Overview 9

  10. Mouse Location Estimator Mouse Events: Mouse Events: Mouse Events: Up 10px Up 100px Right 150px Left 10px Left 100px Down 150px 10

  11. State Tracking Username: John Doe Password: ****** Login Cancel 11

  12. State Tracking State 0 Login Cancel 1 Click outside 3 Click “Cancel” 2 Click “Login” State 0 State 1 State 2 OK Cancel Button 1 Button 2 12

  13. State Tracking • Maintain all possible options Login Cancel • Strategies to assign probabilities 1. Both buttons are equally likely 2. “Cancel” is more likely (more area) 3. “Login” is more likely (clicked more often) • Introduce expert knowledge through assumptions on probabilities 13

  14. Attack Overview 14

  15. User Interface Models Full Model Application Partial Model Text E-Banking UI Text Pay to: Amount: Button Submit Cancel Button 15

  16. Attack Applicability UI unique? Yes No Partial model App simple? Yes No Full model Not applicable 16

  17. Evaluation State Estimation Accuracy: 90% after 10 clicks Attack Success Rate: >90% Simulated Pacemaker Programmer 17

  18. Evaluation Attack Success Rate: >90% Processing Delay: 40ms 18 E-Banking

  19. Countermeasures • Preventing our attack 1. Trusted path 2. Biometrics 3. Randomized UIs (See paper for others) 19

  20. Discussion • No signs of attacks in the wild , but hardware exists • Attack device easy to minimize • Small footprint 20

  21. Conclusion • Hacking-in-the-Blind • A novel UI attack • Easy to deploy • Invisible to malware detection • Accurate and stealthy Thank you! 21

Recommend

MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND

MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND

MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND HACKING VISUAL CULTURE W/ THE GLAD SCIENTIST Daniel Eric Carlos Hector Alberto Sabio CLOSE YOUR EYES AND LISTEN IMAGINE as minutes as hours as

916 views • 54 slides
Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc.

Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc.

Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc. Beginnings A new browser... a new opportunity A modern platform for web applications Objective: An Invisible Browser Deliver a transparent experience:

557 views • 9 slides
ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
Fresh for tomorrow? Peter Martin, The Age Invisible? Invisible? Invisible? When searching for

Fresh for tomorrow? Peter Martin, The Age Invisible? Invisible? Invisible? When searching for

Fresh for tomorrow? Peter Martin, The Age Invisible? Invisible? Invisible? When searching for an analogy to describe the government, the first thing that comes to a government ministers mind is a company. Invisible? When searching for

638 views • 37 slides
Infocognitive OCR Product Walkthrough Invisible Documents A Hidden Problem Invisible? In your

Infocognitive OCR Product Walkthrough Invisible Documents A Hidden Problem Invisible? In your

Infocognitive OCR Product Walkthrough Invisible Documents A Hidden Problem Invisible? In your EMS/DMS, one t thir ird d of Searchable Unsearchable your documents and attachments may be invisible to search. Where do these invisible

135 views • 12 slides
Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT Advise Assure 2 Agenda/topics covered Threat overview Advanced User Enumeration and DDoS Trading Turret and Timing Attacks Internal and External User

365 views • 35 slides
secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer

secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer

secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer <mathias.payer@inf.ethz.ch> 1 Mathias Payer: secuBT - User-Space Virtualization Motivation Virtualizing and encapsulating running programs is important:

693 views • 40 slides
Exploring the Academic Invisible Web Das wissenschaftliche Invisible Web erkunden Dr. Dirk

Exploring the Academic Invisible Web Das wissenschaftliche Invisible Web erkunden Dr. Dirk

Exploring the Academic Invisible Web Das wissenschaftliche Invisible Web erkunden Dr. Dirk Lewandowski Heinrich-Heine-Universitt Dsseldorf, Information Science Research done in collaboration with Philipp Mayr, Bonn Agenda 1. Introduction

340 views • 23 slides
User Defined Runtime Environments in UNICORE EGI Technical Forum 2011, Lyon, FR 2011-09-21 Bj

User Defined Runtime Environments in UNICORE EGI Technical Forum 2011, Lyon, FR 2011-09-21 Bj

Mitglied der Helmholtz-Gemeinschaft User Defined Runtime Environments in UNICORE EGI Technical Forum 2011, Lyon, FR 2011-09-21 Bj orn Hagemeier and Kiran Javaid Agenda Introduction Design Fitting the Model VMM Abstraction VM Images

548 views • 31 slides
Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10

Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10

9/20/10 Invisible Logic Embedded Systems & Kinetic Art Fall 2009 CS5968 / FA3800 Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10 5 9/20/10 6 9/20/10

284 views • 13 slides
Levenberg-Marquardt Computation of the Block Factor Model for Blind Multi-User Access in Wireless

Levenberg-Marquardt Computation of the Block Factor Model for Blind Multi-User Access in Wireless

Levenberg-Marquardt Computation of the Block Factor Model for Blind Multi-User Access in Wireless Communications by Dimitri NION and Lieven DE LATHAUWER Laboratoire ETIS, CNRS UMR 8051 6 avenue du Ponceau, 95014 CERGY FRANCE 14 th European

719 views • 23 slides
Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking AI-Corp Hacking RL 1. Information gathering 2. Scanning 3. Exploitation & privilege escalation 4. Maintaining access & covering tracks

960 views • 62 slides
N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind men called to Jesus using the Messianic title Son of David . Matthew implied that these blind men saw more than the Pharisees and other national leaders

639 views • 27 slides
are. I can create invisible ink. I can experiment using invisible ink. What are chemical

are. I can create invisible ink. I can experiment using invisible ink. What are chemical

Week 5 Science L.O. To investigate chemical reactions. I can explain what chemical reactions are. I can create invisible ink. I can experiment using invisible ink. What are chemical reactions? A chemical reaction is what happens when a

292 views • 5 slides
Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1 Disclaimer Everything you are about to see, hear, read and experience is for educational purposes only. No warranties or guarantees implied or

692 views • 47 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
IT350: Web & Internet Programming Set 19: Security, Hacking and myspace Input to your

IT350: Web & Internet Programming Set 19: Security, Hacking and myspace Input to your

IT350: Web & Internet Programming Set 19: Security, Hacking and myspace Input to your Website How does a user input information to your site? How does your server-side code process the input? How do you store the input?

717 views • 12 slides
Q UBES OS Joanna Rutkowska Invisible Things Lab Qubes OS A reasonably secure desktop OS

Q UBES OS Joanna Rutkowska Invisible Things Lab Qubes OS A reasonably secure desktop OS

Q UBES OS Joanna Rutkowska Invisible Things Lab Qubes OS A reasonably secure desktop OS Security by Compartmentalization Qubes != Hypervisor/VMM (Qubes is a user of a VMM, presently Xen) Qubes != Linux Distro W HY ? Because we

798 views • 37 slides
Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June 15, 2017 Outline Drone Architectures RF Basics Information Gathering RF Hacking Tools Exploits & Demos Q&A Why? Wrights Law

486 views • 27 slides
Jesus Is First! Colossians 1:15-20 The Son is the image of the invisible God, the firstborn over

Jesus Is First! Colossians 1:15-20 The Son is the image of the invisible God, the firstborn over

6/18/2018 Jesus Is First! Colossians 1:15-20 The Son is the image of the invisible God, the firstborn over all creation. For in him all things were created; things in heaven and on earth, visible and invisible, whether thrones or powers or

371 views • 4 slides
to your home church! Its All About Jesus Colossians 1:15-23 He is the image of the invisible

to your home church! Its All About Jesus Colossians 1:15-23 He is the image of the invisible

Welcome to your home church! Its All About Jesus Colossians 1:15-23 He is the image of the invisible God, the firstborn of all creation. For by him all things were created, in heaven and on earth, visible and invisible, whether thrones or

518 views • 15 slides
Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by benign purposes Hacktivism Counterhacking Case Studies Site defacement Network exploration / Port scanning / SQL injection / . . .

522 views • 18 slides
Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

ECF gratefully acknowledges financial support from the European Commission. Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in) the city of Copenhagen using bicycles. Bicycle-as-a-Sensor 1.

278 views • 11 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers Objectives After reading this chapter and completing the exercises, you will be able to: Describe Web applications Explain Web application

530 views • 9 slides

More recommend