Hacking in the Blind: (Almost) Invisible Runtime User Interface Attacks - PowerPoint PPT Presentation

SLIDE 1

Hacking in the Blind: (Almost) Invisible Runtime User Interface Attacks

Luka Malisa, Kari Kostiainen, Thomas Knell, David Sommer, and Srdjan Capkun {firstname.lastname}@inf.ethz.ch knellt@student.ethz.ch

SLIDE 2

User Interfaces

  • Used for daily and critical tasks
  • Consists of input and output

(Figure: the user interface sits between the user and the computer system, with input going in and output coming out)

SLIDE 3

User Interface Attacks

(Figure: input and output of a computer system running several apps)

UI attacks are often possible:
  • 1. Brief and non-invasive
  • 2. Bypass security features

SLIDE 4

Existing Command Injection Attacks

  • 1. New Keyboard
  • 2. New Mouse

  • Drawbacks
    • Registers new peripherals
    • Installs malware
    • Assume user not present

SLIDE 5

Limitations

  • Observations
    • 1. Hardened devices
    • 2. Malware installation not possible
    • 3. Damaging attacks possible only when user is present

Can we attack without installing malware?

SLIDE 6

Our Attack

  • Benefits
    + Does not install new peripherals
    + Does not install malware
    + Assume user is present

(Figure: attack animation. 1. Click Blocked; 2. Inject Events; the displayed heart rate changes from "Heart rate = 100" to "3. Heart rate = 1000")

SLIDE 7

Our Attack

(Figure: attack illustration)

SLIDE 8

Attack Demonstration

SLIDE 9

Attack Overview

SLIDE 10

Mouse Location Estimator

(Figure: sequences of relative mouse events, e.g. "Up 10px, Left 10px", "Up 100px, Left 100px", "Right 150px, Down 150px")

SLIDE 11

State Tracking

(Figure: a login dialog with Username "John Doe", Password "******" and Cancel / Login buttons)

SLIDE 12

State Tracking

(Figure: state diagram for a dialog with Cancel / OK buttons (Button 1, Button 2) over State 0, State 1 and State 2, with transitions labelled Click “Login”, Click “Cancel” and Click outside)

SLIDE 13

State Tracking

  • Maintain all possible options
  • Strategies to assign probabilities
    • 1. Both buttons are equally likely
    • 2. “Cancel” is more likely (more area)
    • 3. “Login” is more likely (clicked more often)
  • Introduce expert knowledge through assumptions on probabilities

(Figure: Cancel / Login buttons)

SLIDE 14

Attack Overview

SLIDE 15

User Interface Models

(Figure: an E-Banking UI with "Pay to:" and "Amount:" fields and Cancel / Submit buttons, next to a Full Model and a Partial Model of the application built from Text and Button elements)

SLIDE 16

Attack Applicability

(Figure: decision flowchart with the questions "UI unique?" and "App simple?", whose Yes/No branches lead to Full model, Partial model or Not applicable)

SLIDE 17

Evaluation

Simulated Pacemaker Programmer
  • State Estimation Accuracy: 90% after 10 clicks
  • Attack Success Rate: >90%

SLIDE 18

Evaluation

E-Banking
  • Attack Success Rate: >90%
  • Processing Delay: 40ms

SLIDE 19

Countermeasures

  • Preventing our attack
    • 1. Trusted path
    • 2. Biometrics
    • 3. Randomized UIs

(See paper for others)
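
Why randomized UIs (countermeasure 3) defeat the state tracking of slide 13 can be shown with a small simulation. The following is an added example, not code from the talk or the paper: it implements the three probability-assignment strategies and a location-based state estimator over a constructed two-button login dialog, then compares the estimator's accuracy on a fixed layout against a layout whose button positions are shuffled for every dialog instance. All rectangles, state numbers and click frequencies are constructed assumptions.

```python
import random

# Constructed toy login dialog (slides 11-13): "Login" and "Cancel" buttons as
# (x, y, width, height) rectangles; Cancel is deliberately larger (strategy 2).
BUTTONS = {"Login": (200, 150, 60, 20), "Cancel": (100, 150, 90, 20)}
# Constructed successor states: clicking Login leads to state 2, Cancel to state 1.
NEXT_STATE = {"Login": 2, "Cancel": 1}

def area_prior(buttons):
    """Strategy 2: a click is more likely on the button with the larger area."""
    total = sum(w * h for _, _, w, h in buttons.values())
    return {name: w * h / total for name, (_, _, w, h) in buttons.items()}

# The three prior strategies of slide 13 (the frequency numbers are constructed).
STRATEGIES = {"equal": {"Login": 0.5, "Cancel": 0.5},
              "area": area_prior(BUTTONS),
              "frequency": {"Login": 0.8, "Cancel": 0.2}}

def inside(rect, x, y):
    rx, ry, w, h = rect
    return rx <= x < rx + w and ry <= y < ry + h

def state_belief(assumed_layout, click_xy, prior):
    """Belief over the next UI state: certain on an unambiguous hit, else the prior."""
    hits = [b for b, r in assumed_layout.items() if inside(r, *click_xy)]
    if len(hits) == 1:
        return {NEXT_STATE[hits[0]]: 1.0}
    return {NEXT_STATE[b]: p for b, p in prior.items()}

def randomize(layout, rng):
    """Countermeasure 3: shuffle button positions for every dialog instance."""
    names, rects = list(layout), list(layout.values())
    rng.shuffle(rects)
    return dict(zip(names, rects))

def estimation_accuracy(prior, randomized_ui, n=2000, noise=5.0, seed=1):
    """Fraction of simulated clicks whose resulting state is guessed correctly by an
    estimator that assumes the static BUTTONS layout and sees only a noisy click position."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(n):
        layout = randomize(BUTTONS, rng) if randomized_ui else BUTTONS
        chosen = "Login" if rng.random() < 0.8 else "Cancel"  # constructed user behaviour
        rx, ry, w, h = layout[chosen]
        click = (rx + w / 2 + rng.gauss(0, noise), ry + h / 2 + rng.gauss(0, noise))
        belief = state_belief(BUTTONS, click, prior)
        guess = max(belief, key=belief.get)
        correct += guess == NEXT_STATE[chosen]
    return correct / n
```

With a fixed layout the estimator is right almost every time, because the click position alone identifies the button; once positions are shuffled per dialog, it falls back to the prior and its accuracy collapses to roughly coin-flip level.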

SLIDE 20

Discussion

  • No signs of attacks in the wild, but hardware exists
  • Attack device easy to minimize
  • Small footprint

SLIDE 21

Conclusion

  • Hacking-in-the-Blind
    • A novel UI attack
    • Easy to deploy
    • Invisible to malware detection
    • Accurate and stealthy

Thank you!