sc screen reenmilk milker er
play

Sc Screen reenmilk milker er: How to Milk Your Android Screen - PowerPoint PPT Presentation

Sep 30, 2022 •269 likes •570 views

Sc Screen reenmilk milker er: How to Milk Your Android Screen for Secrets Chia-Chi Lin, Hongyang Li 1 , Xiaoyon ong Zhou 2 , and XiaoFeng Wang 2 1 University of Illinois at Urbana-Champaign 2 Indiana University at Bloomington INDIANA

  1. Sc Screen reenmilk milker er: How to Milk Your Android Screen for Secrets Chia-Chi Lin, Hongyang Li 1 , Xiaoyon ong Zhou 2 , and XiaoFeng Wang 2 1 University of Illinois at Urbana-Champaign 2 Indiana University at Bloomington INDIANA UNIVERSITY Bloomington 3/26/2015 Screenmilker 1

  2. Android Security VS. App Demands Andr droid id sec ecuri rity ty de desig ign • No No Direct access system resources • No No Reading/Writing outside it’s own directory • No No installing/uninstalling other apps User’s/developer’s demands • Capture screen • Backup • USB Tethering 3/26/2015 Screenmilker 2

  3. One Solution: Root the phone # 3/26/2015 Screenmilker 3

  4. An Legitimate Alternative: ADB Proxy • Android Debug Bridge (ADB) • A versatile command line tool that lets user communicate with his device • A set of capabilities • Install/Uninstall • Pull/Push data • Take screenshots / Record screen • … • How app can use ADB? -- proxy 3/26/2015 Screenmilker 4

  5. ADB Proxy • An native executable implemented by developer • Runs on the phone as shell user to provide privileged services to other apps • ADB proxy is legitimate • Apps using this approach have tens of millions of downloads • No objections from Google Screenshot Access App ADB Proxy command framebuffer 3/26/2015 Screenmilker 5

  6. 1. Turn on USB Debugging and Connect Android to a PC 3/26/2015 Screenmilker 6

  7. 2. Run a Script on the PC to Install a ADB Proxy on Android #! /bin/bash ADB Proxy • ADB Proxy has the same capabilities as ADB 3/26/2015 Screenmilker 7

  8. 3. Disconnect Android from the PC ADB Proxy 3/26/2015 Screenmilker 8

  9. Apps Using ADB proxy • Screenshot apps • Very popular on Google Play • USB Tethering Apps • Sync and Backup Apps App Name Total Installs Screen Capture – No Rooting 2.2 1,000,000 – 5,000,000 Screenshot Free 1,000,000 – 5,000,000 Screenshot UX Trail 1,000,000 – 5,000,000 No Root Screenshot It 100,000 – 500,000 Screenshot and Draw Trail 100,000 – 500,000 Screenshot Ultimate 100,000 – 500,000 ShakeShot Trail 100,000 – 500,000 NoRoot Screenshot Lite 50,000 – 100,000 3/26/2015 Screenmilker 9

  10. Security Implications • No Access Control Malicious • Local socket App App • Any apps with the INTERNET permission can connect to ADB proxy • A malicious app could sock cket et command ADB proxy to ADB Proxy • Take screenshots • Install applications 3/26/2015 Screenmilker 10

  11. Naïve attacks are not stealthy • Streaming pictures to adversary consumes too much bandwidth • Running OCR locally uses too much CPU and memory For a 2-Mbps Upload Bandwidth, Only 2 Screenshots Can Be Sent Out Every Second 3/26/2015 Screenmilker 11

  12. Our Attack Screenmilker App Runtime Attacker /proc/[pid]/stat Situation Detection Real-Time Screenshot Internet Data ADB Proxy Extraction 3/26/2015 Screenmilker 12

  13. Detect Screenshot Proxy • Build a database of screenshot apps • Use call PackageM ageManager anager to get the list of apps on the device • Alternatively, scan TCP ports ADB proxies use 3/26/2015 Screenmilker 13

  14. Runtime Situation Detection • Detect target apps (e.g., banking apps) through PackageManager • Probe /proc oc/[ /[pid pid]/s /sta tat to monitor apps’ activities • Check the cpu utime change of target app • Monitor the soft keyboard app to identify whether user is typing on the soft keyboard • com.google.android.inputmethod.latin 3/26/2015 Screenmilker 14

  15. Detecting Application States 1. Get Screen Orientation 2. Take screenshots 3. Extract title bar 4. Match the title bar against app state database 3/26/2015 Screenmilker 15

  16. Real-Time Keystroke Analysis 3/26/2015 Screenmilker 16

  17. Fingerprinting the Soft Keyboard 3/26/2015 Screenmilker 17

  18. Determining the Keystroke CRC32 32 Value ue Keys ystroke 222054093 a 222054093 8599545 b 4181574192 c … … 3/26/2015 Screenmilker 18

  19. Real-Time Contact Collection CRC 3/26/2015 Screenmilker 19

  20. Evaluations 3/26/2015 Screenmilker 20

  21. Effectiveness: Single Key Stroke Capture Ratio Capture Ratio Increases From 27% to 76% as the Screenshot Rate Increases 3/26/2015 Screenmilker 21

  22. Password Extraction • Experiment setup • 10-character passwords • 5 banking apps [American Express, Chase, Citi, PayPal and Wells Fargo] • 40 password entering for each app • How many rounds to recover a password? • Screenmilker may miss the moment for some keystrokes 3/26/2015 Screenmilker 22

  23. Rounds to Extract Entire Password App Average Number of Rounds American Express US 2.625 Citi Mobile 2.525 Chase Mobile 2.325 PayPal 2.75 Wells Fargo Mobile 2.45 3/26/2015 Screenmilker 23

  24. CPU run time Extraction Function Time [ms] General Initialize Hash Table [one time] 1.389 Take a Screenshot 161.314 [not controllable by Screenmilker] Keystroke Fingerprint the Image 0.388 Extraction Features Lookup Hash Table 0.220 Contact Obtain Position of Text 3.018 Collection 2.916 Segment and Map Text 3/26/2015 Screenmilker 24

  25. Memory Consumption App Memory [Kbytes] Screenmilker [situation detection] 286.308 Clock 294.072 Screenmilker [contact collection] 295.279 Screenmilker [keystroke extraction] 295.364 Calculator 295.464 Google Talk 310.844 Instagram 326.244 Pandora Internet Radio 356.332 Facebook 365.384 Browser 391.912 Temple Run 2 436.712 3/26/2015 Screenmilker 25

  26. Power Consumption App Power [mW] Screenmilker [situation detection] 4.1 Screenmilker [contact collection] 8.3 Google Talk 47.8 Clock 52.1 Calculator 91.8 Screenmilker [keystroke extraction] 101.6 Instagram 155.8 Pandora Internet Radio 213.5 Facebook 252.1 Browser 374.8 Temple Run 2 529.2 3/26/2015 Screenmilker 26

  27. Mitigations: Access Control on ADB Proxy • Utilize iptables to control local-socket communication • Users need to explicitly grant apps permission to communicate with local servers • We build a service to add iptables rules accordingly 3/26/2015 Screenmilker 27

  28. Conclusions • ADB proxy is a popular workarounds that grant privileged capabilities to 3 rd party apps • Without proper protection, ADB proxy could be exploited by malicious apps to extract sensitive information from the phone as demonstrated by Screenmilker • From our evaluation, we show that malicious app can effectively and stealthily extract information from screenshots 3/26/2015 Screenmilker 28

  29. Thank You! Questions? 3/26/2015 Screenmilker 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Display Screen Equipment (DSE) Display Screen Equipment What is Display Screen Equipment?

Display Screen Equipment (DSE) Display Screen Equipment What is Display Screen Equipment?

Display Screen Equipment (DSE) Display Screen Equipment What is Display Screen Equipment? Display Screen Equipment (DSE) is a device or equipment that has an alphanumeric or graphic display screen. I t includes both conventional display

739 views • 34 slides
MULTI-SCREEN WORLD AGENDA What is a multi-screen website? The growing importance of

MULTI-SCREEN WORLD AGENDA What is a multi-screen website? The growing importance of

Master the MULTI-SCREEN WORLD AGENDA What is a multi-screen website? The growing importance of multi-screen sites What Google recommends What Google requires Turning visitors into customers Providing a custom

273 views • 15 slides
GNU Screen Matt G. Habib & Ryan Curtin LUG@GT Matt G. Habib & Ryan Curtin GNU Screen -

GNU Screen Matt G. Habib & Ryan Curtin LUG@GT Matt G. Habib & Ryan Curtin GNU Screen -

GNU Screen Matt G. Habib & Ryan Curtin LUG@GT Matt G. Habib & Ryan Curtin GNU Screen - p. 1/26 Introduction What is GNU Screen and why should I care? Introduction Basic Screen Terminal multiplexer screenrc File

535 views • 26 slides
When free-falling screen records interference and standing screen does not Lajos Disi Wigner

When free-falling screen records interference and standing screen does not Lajos Disi Wigner

When free-falling screen records interference and standing screen does not Lajos Disi Wigner Research Centre for Physics H-1525 Budapest 114, POB 49, Hungary 29 March 2017, Valletta Acknowledgements go to: EU COST Action CA15220 Quantum

290 views • 7 slides
Group 3 To Screen or Not to Screen: Who, Why, When and Where? Paul Speight (Chair), Omar Kujan,

Group 3 To Screen or Not to Screen: Who, Why, When and Where? Paul Speight (Chair), Omar Kujan,

Group 3 To Screen or Not to Screen: Who, Why, When and Where? Paul Speight (Chair), Omar Kujan, Toru Nagao, March 4 th /5th 2016 Kannan Ranganathan, Pablo Vargas Joel Epstein (Moderator) , Paul Speight PhD, BDS, FDSRCPS, FDSRCS (Eng), FDSRCS

1.53k views • 107 slides
03/07/2015 Front Screen First screen viewed on the mobile app 03/07/2015 First Time Use Front

03/07/2015 Front Screen First screen viewed on the mobile app 03/07/2015 First Time Use Front

03/07/2015 Front Screen First screen viewed on the mobile app 03/07/2015 First Time Use Front Screen When you first click on the CIC Mobile Application you will be presented with a Welcome screen that will guide you through the first time

655 views • 36 slides
Image and Video Coding: Video Coding Extensions Screen Content Coding Screen Content Coding

Image and Video Coding: Video Coding Extensions Screen Content Coding Screen Content Coding

Image and Video Coding: Video Coding Extensions Screen Content Coding Screen Content Coding sensor-captured video content screen content video Screen Content Video Increasingly becoming important for a number of applications (e.g., online

573 views • 34 slides
Logistics At the top right corner of your screen: Show your control panel to submit questions and

Logistics At the top right corner of your screen: Show your control panel to submit questions and

Logistics At the top right corner of your screen: Show your control panel to submit questions and see answers All phones/microphones are muted for the duration of the webinar. Toggle between full screen/window screen view Control Panel:

644 views • 27 slides
Logistics At the top right corner of your screen: Show your control panel to submit questions and

Logistics At the top right corner of your screen: Show your control panel to submit questions and

Logistics At the top right corner of your screen: Show your control panel to submit questions and see answers All phones/microphones are muted for the duration of the webinar. Toggle between full screen/window screen view Control Panel:

463 views • 35 slides
Logistics At the top right corner of your screen: Show your control panel to submit questions and

Logistics At the top right corner of your screen: Show your control panel to submit questions and

Logistics At the top right corner of your screen: Show your control panel to submit questions and see answers All phones/microphones are muted for the duration of the webinar. Toggle between full screen/window screen view Control Panel:

723 views • 36 slides
KLIK Boks PLUS Wireless Screen Sharing System KB-601 KLIK Boks PLUS brings wireless screen

KLIK Boks PLUS Wireless Screen Sharing System KB-601 KLIK Boks PLUS brings wireless screen

KLIK Boks PLUS Wireless Screen Sharing System KB-601 KLIK Boks PLUS brings wireless screen sharing to busy offices, meeting rooms or classrooms where rapid-fire presentations take place. Equipped with extensive hardware connectivity, and a

79 views • 3 slides
Advanced Computer Graphics CS 563: Screen Space Real time GI Algorithm Screen Space

Advanced Computer Graphics CS 563: Screen Space Real time GI Algorithm Screen Space

Advanced Computer Graphics CS 563: Screen Space Real time GI Algorithm Screen Space Directional Occlusion Xin Wang Feb,21,2012 Computer Science Dept. Worcester Polytechnic Institute (WPI) Overview Real time Global Illumination

870 views • 25 slides
COVID 19 UPDATE 4-2-2020 How to use the Side Panel How do I see the screen under the side

COVID 19 UPDATE 4-2-2020 How to use the Side Panel How do I see the screen under the side

COVID 19 UPDATE 4-2-2020 How to use the Side Panel How do I see the screen under the side panel? The orange arrow closes and opens the side panel. How can I make my screen bigger? To have a bigger view of the screen, select the square

406 views • 18 slides
COVID 19 UPDATE 4-9-2020 How to use the Side Panel How do I see the screen under the side

COVID 19 UPDATE 4-9-2020 How to use the Side Panel How do I see the screen under the side

COVID 19 UPDATE 4-9-2020 How to use the Side Panel How do I see the screen under the side panel? The orange arrow closes and opens the side panel. How can I make my screen bigger? To have a bigger view of the screen, select the square

381 views • 20 slides
Its Not Its Not Easy Being Green: Easy Being Green: Green Screen as Green Screen as

Its Not Its Not Easy Being Green: Easy Being Green: Green Screen as Green Screen as

Its Not Its Not Easy Being Green: Easy Being Green: Green Screen as Green Screen as Video Modeling Video Modeling Tool Tool Melanie Conatser, OTR Jayna Huber, OTS Cari Wilson, OTS About Us Gra dua ted from Indiana University

257 views • 24 slides
The Wretched of the Screen By Hito Steyerl THE POLITICS OF VERTICALITY CLASS RESEARCH STUDENT :

The Wretched of the Screen By Hito Steyerl THE POLITICS OF VERTICALITY CLASS RESEARCH STUDENT :

The Wretched of the Screen By Hito Steyerl THE POLITICS OF VERTICALITY CLASS RESEARCH STUDENT : STEF_TAM INSTRUCTOR : R_MENDEZ DATE 10.30.18 THE WRETCHED OF THE SCREEN PAGE 002 THE WRETCHED OF THE SCREEN Recent 3-D animation

385 views • 6 slides
Two-sided Internet Markets and the Need to Assess Both Upstream and Downstream Impacts: Lessons

Two-sided Internet Markets and the Need to Assess Both Upstream and Downstream Impacts: Lessons

Two-sided Internet Markets and the Need to Assess Both Upstream and Downstream Impacts: Lessons from Legacy Credit Card Platforms A presentation at the 9th th CAIDA/MIT Workshop on Internet Economics University of California at San Diego

434 views • 10 slides
Leveraging Kanban to Create the Agile Organization As Agile is more accepted as the way to

Leveraging Kanban to Create the Agile Organization As Agile is more accepted as the way to

Leveraging Kanban to Create the Agile Organization As Agile is more accepted as the way to develop software in organizations, some software teams and groups within IT are also becoming Agile, but with using Kanban as their chosen Agile

458 views • 27 slides
CSE 154 LECTURE 8: EVENTS AND TIMERS attribute Setting a timer method description setTimeout(

CSE 154 LECTURE 8: EVENTS AND TIMERS attribute Setting a timer method description setTimeout(

CSE 154 LECTURE 8: EVENTS AND TIMERS attribute Setting a timer method description setTimeout( function , delayMS ); arranges to call given function after given delay in ms setInterval( function , delayMS ); arranges to call function repeatedly

420 views • 18 slides
SOCI 210: Sociological Perspectives Sept. 17 1. Nation states and societies 2. European

SOCI 210: Sociological Perspectives Sept. 17 1. Nation states and societies 2. European

SOCI 210: Sociological Perspectives Sept. 17 1. Nation states and societies 2. European colonialism 3. Theoretical tradition 1: structural functionalism 1 Citation Data Societal Transformation and Progress 2 Societal transformation

277 views • 8 slides
November 5 th , 2015 25 th Anniversary Conference and Gala Celebration #BCCWF25 Boston College

November 5 th , 2015 25 th Anniversary Conference and Gala Celebration #BCCWF25 Boston College

November 5 th , 2015 25 th Anniversary Conference and Gala Celebration #BCCWF25 Boston College Center for Work & Family 25 th th Anni nniver ersary ary Si Signa nature Sp re Sponsor JOHNSON & JOHNSON 25 th Anni 25 niversary R y

179 views • 7 slides
MAY, 2018 JEFF JAFFE, W3C CEO INDUSTRIES AT W3C INDUSTRIES AT W3C Industries at W3C focus on

MAY, 2018 JEFF JAFFE, W3C CEO INDUSTRIES AT W3C INDUSTRIES AT W3C Industries at W3C focus on

MAY, 2018 JEFF JAFFE, W3C CEO INDUSTRIES AT W3C INDUSTRIES AT W3C Industries at W3C focus on needs of commercial companies which might not be general Web capabilities. Six industries: Web Payments Web Publishing

498 views • 31 slides
interacting networks Beate Schmittmann Department of Physics, Virginia Tech with Wenjia Liu,

interacting networks Beate Schmittmann Department of Physics, Virginia Tech with Wenjia Liu,

A first attempt at characterizing interacting networks Beate Schmittmann Department of Physics, Virginia Tech with Wenjia Liu, Shivakumar Jolad and Royce Zia Large Fluctuations in Nonequilibrium Systems MPI f r Physik komplexer Systeme

527 views • 30 slides
Disclosure No relevant financial relationship exists UCSF CME PRIMARY CARE MEDICINE: Update 2018

Disclosure No relevant financial relationship exists UCSF CME PRIMARY CARE MEDICINE: Update 2018

4/6/18 Disclosure No relevant financial relationship exists UCSF CME PRIMARY CARE MEDICINE: Update 2018 April 1-6, 2018 Management of Concussions in Your Active Patient Cindy J. Chang, MD Primary Care Sports Medicine Clinical Professor of

301 views • 15 slides

More recommend