hacking in the blind almost invisible runtime user
play

Hacking in the Blind: (Almost) Invisible Runtime User Interface - PowerPoint PPT Presentation

Feb 10, 2023 •506 likes •726 views

Hacking in the Blind: (Almost) Invisible Runtime User Interface Attacks Luka Malisa , Kari Kostiainen, Thomas Knell, David Sommer, and Srdjan Capkun {firstname.lastname}@inf.ethz.ch knellt@student.ethz.ch User Interfaces Consists of input

  1. Hacking in the Blind: (Almost) Invisible Runtime User Interface Attacks Luka Malisa , Kari Kostiainen, Thomas Knell, David Sommer, and Srdjan Capkun {firstname.lastname}@inf.ethz.ch knellt@student.ethz.ch

  2. User Interfaces • Consists of input and output User Interface Input Computer System Output • Used for daily and critical tasks 2

  3. User Interface Attacks UI Attacks are often possible 1. Brief and non-invasive 2. Bypass security features Input Output App … App Computer System 3

  4. Existing Command Injection Attacks 1. New Keyboard 2. New Mouse • Drawbacks - Registers new peripherals - Installs malware - Assume user not present 4

  5. Limitations • Observations 1. Hardened devices 2. Malware installation not possible 3. Damaging attacks possible only when user is present Can we attack without installing malware? 5

  6. Our Attack 1. Click Blocked 1. Click Blocked 2. Inject Events 2. Inject Events 3. Heart rate = 1000 !!! Heart rate = 100 • Benefits + Does not install new peripherals + Does not install malware + Assume user is present 6

  7. Our Attack !!! 7

  8. Attack Demonstration 8

  9. Attack Overview 9

  10. Mouse Location Estimator Mouse Events: Mouse Events: Mouse Events: Up 10px Up 100px Right 150px Left 10px Left 100px Down 150px 10

  11. State Tracking Username: John Doe Password: ****** Login Cancel 11

  12. State Tracking State 0 Login Cancel 1 Click outside 3 Click “Cancel” 2 Click “Login” State 0 State 1 State 2 OK Cancel Button 1 Button 2 12

  13. State Tracking • Maintain all possible options Login Cancel • Strategies to assign probabilities 1. Both buttons are equally likely 2. “Cancel” is more likely (more area) 3. “Login” is more likely (clicked more often) • Introduce expert knowledge through assumptions on probabilities 13

  14. Attack Overview 14

  15. User Interface Models Full Model Application Partial Model Text E-Banking UI Text Pay to: Amount: Button Submit Cancel Button 15

  16. Attack Applicability UI unique? Yes No Partial model App simple? Yes No Full model Not applicable 16

  17. Evaluation State Estimation Accuracy: 90% after 10 clicks Attack Success Rate: >90% Simulated Pacemaker Programmer 17

  18. Evaluation Attack Success Rate: >90% Processing Delay: 40ms 18 E-Banking

  19. Countermeasures • Preventing our attack 1. Trusted path 2. Biometrics 3. Randomized UIs (See paper for others) 19

  20. Discussion • No signs of attacks in the wild , but hardware exists • Attack device easy to minimize • Small footprint 20

  21. Conclusion • Hacking-in-the-Blind • A novel UI attack • Easy to deploy • Invisible to malware detection • Accurate and stealthy Thank you! 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND

MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND

MEDIA DISRUPTION SEEING BEYOND SEEING BEYOND SEEING BEYOND SEEING BEYOND LED BY THE BLIND HACKING VISUAL CULTURE W/ THE GLAD SCIENTIST Daniel Eric Carlos Hector Alberto Sabio CLOSE YOUR EYES AND LISTEN IMAGINE as minutes as hours as

916 views • 54 slides
Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc.

Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc.

Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc. Beginnings A new browser... a new opportunity A modern platform for web applications Objective: An Invisible Browser Deliver a transparent experience:

557 views • 9 slides
ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
Fresh for tomorrow? Peter Martin, The Age Invisible? Invisible? Invisible? When searching for

Fresh for tomorrow? Peter Martin, The Age Invisible? Invisible? Invisible? When searching for

Fresh for tomorrow? Peter Martin, The Age Invisible? Invisible? Invisible? When searching for an analogy to describe the government, the first thing that comes to a government ministers mind is a company. Invisible? When searching for

638 views • 37 slides
Infocognitive OCR Product Walkthrough Invisible Documents A Hidden Problem Invisible? In your

Infocognitive OCR Product Walkthrough Invisible Documents A Hidden Problem Invisible? In your

Infocognitive OCR Product Walkthrough Invisible Documents A Hidden Problem Invisible? In your EMS/DMS, one t thir ird d of Searchable Unsearchable your documents and attachments may be invisible to search. Where do these invisible

135 views • 12 slides
Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT Advise Assure 2 Agenda/topics covered Threat overview Advanced User Enumeration and DDoS Trading Turret and Timing Attacks Internal and External User

365 views • 35 slides
secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer

secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer

secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer <mathias.payer@inf.ethz.ch> 1 Mathias Payer: secuBT - User-Space Virtualization Motivation Virtualizing and encapsulating running programs is important:

693 views • 40 slides
Exploring the Academic Invisible Web Das wissenschaftliche Invisible Web erkunden Dr. Dirk

Exploring the Academic Invisible Web Das wissenschaftliche Invisible Web erkunden Dr. Dirk

Exploring the Academic Invisible Web Das wissenschaftliche Invisible Web erkunden Dr. Dirk Lewandowski Heinrich-Heine-Universitt Dsseldorf, Information Science Research done in collaboration with Philipp Mayr, Bonn Agenda 1. Introduction

340 views • 23 slides
User Defined Runtime Environments in UNICORE EGI Technical Forum 2011, Lyon, FR 2011-09-21 Bj

User Defined Runtime Environments in UNICORE EGI Technical Forum 2011, Lyon, FR 2011-09-21 Bj

Mitglied der Helmholtz-Gemeinschaft User Defined Runtime Environments in UNICORE EGI Technical Forum 2011, Lyon, FR 2011-09-21 Bj orn Hagemeier and Kiran Javaid Agenda Introduction Design Fitting the Model VMM Abstraction VM Images

548 views • 31 slides
Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10

Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10

9/20/10 Invisible Logic Embedded Systems & Kinetic Art Fall 2009 CS5968 / FA3800 Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10 5 9/20/10 6 9/20/10

284 views • 13 slides
Levenberg-Marquardt Computation of the Block Factor Model for Blind Multi-User Access in Wireless

Levenberg-Marquardt Computation of the Block Factor Model for Blind Multi-User Access in Wireless

Levenberg-Marquardt Computation of the Block Factor Model for Blind Multi-User Access in Wireless Communications by Dimitri NION and Lieven DE LATHAUWER Laboratoire ETIS, CNRS UMR 8051 6 avenue du Ponceau, 95014 CERGY FRANCE 14 th European

719 views • 23 slides
Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking AI-Corp Hacking RL 1. Information gathering 2. Scanning 3. Exploitation & privilege escalation 4. Maintaining access & covering tracks

960 views • 62 slides
N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind men called to Jesus using the Messianic title Son of David . Matthew implied that these blind men saw more than the Pharisees and other national leaders

639 views • 27 slides
are. I can create invisible ink. I can experiment using invisible ink. What are chemical

are. I can create invisible ink. I can experiment using invisible ink. What are chemical

Week 5 Science L.O. To investigate chemical reactions. I can explain what chemical reactions are. I can create invisible ink. I can experiment using invisible ink. What are chemical reactions? A chemical reaction is what happens when a

292 views • 5 slides
Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1 Disclaimer Everything you are about to see, hear, read and experience is for educational purposes only. No warranties or guarantees implied or

692 views • 47 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
High(ish) Availability For iRODS John Constable Informatics Support Group Design User Stories

High(ish) Availability For iRODS John Constable Informatics Support Group Design User Stories

High(ish) Availability For iRODS John Constable Informatics Support Group Design User Stories As a Systems Administrator, I want to be able to take an IES down for maintenance without affecting sequencing pipelines As a Zone

416 views • 22 slides
HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1

HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1

HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1 Introduction John Fallows CTO @ Kaazing Author @ Pro JSF & Ajax Contributor @ W3C HTML 5 Contributor @ IETF Bidirectional Hypertext

293 views • 27 slides
Best practices for MySQL High Availability in 2017 Colin Charles, Chief Evangelist, Percona Inc.

Best practices for MySQL High Availability in 2017 Colin Charles, Chief Evangelist, Percona Inc.

Best practices for MySQL High Availability in 2017 Colin Charles, Chief Evangelist, Percona Inc. colin.charles@percona.com / byte@bytebot.net http://www.bytebot.net/blog/ | @bytebot on Twitter Percona Live Santa Clara, California, USA 24 April

1.96k views • 163 slides
Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Croatia 2014

Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Croatia 2014

Motivation Industry Academia A Critical View Lightweight: 2nd Generation Wrap-Up Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Croatia 2014 Motivation Industry Academia A Critical View Lightweight:

1.77k views • 79 slides
OVN (Open Virtual Network) Ben Pfaff - @Ben_Pfaff Justin Pettit - @Justin_D_Pettit Russell

OVN (Open Virtual Network) Ben Pfaff - @Ben_Pfaff Justin Pettit - @Justin_D_Pettit Russell

OVN (Open Virtual Network) Ben Pfaff - @Ben_Pfaff Justin Pettit - @Justin_D_Pettit Russell Bryant - @russellbryant OVN Principles Performance Scalability Simplicity Reliability Visibility What is OVN? Virtual Networking for Open

391 views • 24 slides
Bidirectional transformations workshop at Cargilfield Perdita Stevens University of Edinburgh

Bidirectional transformations workshop at Cargilfield Perdita Stevens University of Edinburgh

Bidirectional transformations workshop at Cargilfield Perdita Stevens University of Edinburgh June 2017 Who am I? Whats my job? Perdita Stevens (Robin Bradfields mother!) Professor of Mathematics of Software Engineering University of

536 views • 41 slides
SE320 Software Verification and Validation Introduction & Overview Prof. Colin S. Gordon

SE320 Software Verification and Validation Introduction & Overview Prof. Colin S. Gordon

SE320 Software Verification and Validation Introduction & Overview Prof. Colin S. Gordon Fall 2018, Week 1 (9/2428) 1 Course Administrativia 2 First. . . You are being recorded. Lectures in this course are recorded. The recordings

1.47k views • 110 slides
Climates Shifts vs. Decadal to Centennial Variability Edwin K. Schneider George Mason University

Climates Shifts vs. Decadal to Centennial Variability Edwin K. Schneider George Mason University

Climates Shifts vs. Decadal to Centennial Variability Edwin K. Schneider George Mason University and COLA CLIVAR-ICTP Workshop on Past and Future Climate Shifts: Decadal Climate Variability and Predictability November 16 - 24, 2015

511 views • 27 slides

More recommend