[Q] Statistical analysis of Android shared memory leads to critical security issues.

OP kung fu grep

23rd August 2014, 04:39 AM   |  #1  
This was released today but there does not appear to be much info on whether this is already in the wild. It would be almost undetectable.

Apparently it is possible to use statistical analysis of the size of the surfaceflinger off-screen buffer to predict with 90% accuracy what another app is doing. All an attacker needs is an application that runs in the background and does not require any special permissions. Once it determines that a user is entering his password, for example, it can bring to the foreground an identical-looking password dialog and capture the login data. Since the user expects this behavior, they may never notice.

So far all I could find is the actual paper:
cs.ucr.edu/~zhiyunq/pub/sec14_android_activity_inference.pdf

And some videos of a proof of concept have been posted:
f2bbs.com/thread/2234

The question is: has this been seen in the wild? Seems like a very serious threat without an obvious fix...