Code Injection Attacks on HTML5-based Mobile Apps ...
1 .Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri
2 .Outline: Background and motivation; Overall problem definition and challenges; Related work; Solutions for paper 1; Solutions for paper 2; Comparison between the two papers; Conclusions
5 .Hybrid Apps
6 .App Development Comparison
7 .Architecture of a hybrid app. Native container: creates instance of UIWebView / android.webkit.WebView / etc.; navigates to main html file; implements listener/handler for requests coming from JS code; activates JS code when necessary. HTML5/CSS3/JS code: implements UI and app logic; activates native handlers through OS-specific mechanism (custom URL scheme); receives responses through JS handlers.
8 .HTML5-based Mobile App: Hybrid apps
9 .Architecture of a hybrid app: PhoneGap – Open Source Framework. The de-facto standard for hybrid app development. Now in transition into becoming “Apache Callback”. Provides: a template implementation for the native container; implementation of the JS<->Native bridge for 6 mobile OSs; OS-independent JS APIs for activating device functions.
10 .PhoneGap Architecture
11 .HTML5-based Mobile App and Risk
12 .12 Overview of HTML5-based Mobile App
13 .13 Overview of HTML5-based Mobile App
14 .Overview of HTML5-based Mobile App. PhoneGap: Device, Accelerometer, Camera, Compass, Contacts, File, Geolocation, Notification, … WebView: HTML, CSS, JavaScript; addJavascriptInterface(). Advantage: can be easily ported between different platforms. Disadvantage: need to build the bridge between JavaScript and native resources.
15 .Overview of PhoneGap Architecture
16 .Example: raising a native alert from JS code
17 .Example: accessing the camera
18 .Example: accessing the camera
19 .Risks in HTML5-based Mobile App (JavaScript): Data and code can be mixed together. var text="Hello!<script>alert('hello')</script>"; document.write(text); Once it runs, the data is displayed, and the JavaScript code embedded in it is also executed.
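The data/code mixing described on this slide, as an added example (not code from the slides or from PhoneGap): the slide's string is passed through a concatenating renderer and through two hardened alternatives. The function names and the `msg` element id are assumptions made for illustration.

```javascript
// Constructed sample input, modelled on the slide's document.write() string.
// In a hybrid app it could arrive over any data channel the app displays.
const untrusted = "Hello!<script>alert('hello')</script>";

// Vulnerable pattern: data is concatenated straight into markup, so the
// HTML parser in the WebView treats part of the data as code.
function renderUnsafe(data) {
  return '<div id="msg">' + data + '</div>';
}

// Hardened pattern 1: encode the characters HTML treats as syntax.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}
function renderSafe(data) {
  return '<div id="msg">' + escapeHtml(data) + '</div>';
}

// Hardened pattern 2 (preferred inside the WebView): a text-only DOM sink.
// Assigning textContent never invokes the HTML parser.
function showMessage(element, data) {
  element.textContent = String(data);
  return element;
}

// Rough check for this demo only: names of the elements a parser would open.
function tagsOpened(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g),
                    (m) => m[1].toLowerCase());
}

console.log('unsafe:', tagsOpened(renderUnsafe(untrusted)));
console.log('safe:  ', tagsOpened(renderSafe(untrusted)));
```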
20 .Attack Procedures: Shortened URLs
21 .Attack Procedures: SMS / WhatsApp / Facebook Messages / Emails
22 .Attack Procedures: SMS / WhatsApp / Facebook Messages / Emails. Facebook Messenger and in-app browser: clicking the messages executed the XSS payload.
23 .Attack Procedures: Stealing content from Web SQL Database by XSS. A sample Web SQL database was initiated, storing city information. An XSS vulnerability was injected in the code from the QueryString. The XSS payload was inserted in the URL to retrieve the first city name from the table “city”.
24 .Attack Procedures: Stealing content from Web SQL Database by XSS. The city name of the first record was successfully retrieved by XSS.
25 .Attack Procedures: Eavesdropping Mobile Website Traffic. The sample mobile website required the user to log in, and the profile page was displayed after authentication.
26 .Attack Procedures: Eavesdropping Mobile Website Traffic. Tcpdump was installed in the Android Emulator and captured all the network traffic from the Emulator.
27 .Attack Procedures: Eavesdropping Mobile Website Traffic. The plaintext traffic was viewed in Wireshark; the username and password were captured easily.
28 .Demo Would you scan this?
29 .Demo (Video) www.cis.syr.edu/~wedu/android/JSCodeInjection/index.html