Pre-Conference Talk by WU Daoyuan | Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications

Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications

Speaker(s):

WU Daoyuan
PhD Candidate
School of Information Systems
Singapore Management University

Date: November 20, 2017, Monday

Time: 2:00pm - 3:00pm

Venue:

Seminar Room 2.1, Level 2
School of Information Systems
Singapore Management University
80 Stamford Road
Singapore 178902

We look forward to seeing you at this research seminar.

About the Talk

Today, much of our sensitive information, such as browsing histories and chat logs, is stored inside mobile applications (apps). To safeguard these private files, modern mobile systems, notably Android and iOS, use sandboxes to isolate apps' file zones from one another. However, I will show in my talk that these private files can still be leaked by indirectly exploiting components that are trusted by the victim apps. In particular, we devise new indirect file leak (IFL) attacks that exploit browser interfaces, command interpreters, and embedded app servers to leak data from very popular apps, such as Evernote and QQ. Unlike previous attacks, we demonstrate that these IFLs can affect both Android and iOS. Moreover, our IFL methods allow an adversary to launch the attacks remotely, without implanting malicious apps on victims' smartphones. Finally, we compare the impacts of four different types of IFL attacks on Android and iOS, and propose several mitigation methods.

This is a pre-conference talk for HITCON Pacific 2017.

About the Speaker

Daoyuan WU is a PhD candidate in Cybersecurity at the School of Information Systems, Singapore Management University. He is advised by Associate Professor Debin Gao and Professor Robert H. Deng. His research focuses on mobile security, covering topics such as vulnerability discovery, program analysis, and crowdsourcing measurement.