In Android OS, we discover that a notification service called inotify is a new side-channel allowing malware to identify file accesses associated with the display of a security-relevant UI screen. This paper proposes a phishing attack that detects victim UI screens by their file accesses in applications and steals private information.
Woo Hyun AHN
Kwangwoon University
Sanghyeon PARK
LG Electronics
Jaewon OH
the Catholic University of Korea
Seung-Ho LIM
Hankuk University of Foreign Studies
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Woo Hyun AHN, Sanghyeon PARK, Jaewon OH, Seung-Ho LIM, "Inishing: A UI Phishing Attack to Exploit the Vulnerability of Inotify in Android Smartphones" in IEICE TRANSACTIONS on Information,
vol. E99-D, no. 9, pp. 2404-2409, September 2016, doi: 10.1587/transinf.2015EDL8188.
Abstract: In Android OS, we discover that a notification service called inotify is a new side-channel allowing malware to identify file accesses associated with the display of a security-relevant UI screen. This paper proposes a phishing attack that detects victim UI screens by their file accesses in applications and steals private information.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2015EDL8188/_p
Copy
@ARTICLE{e99-d_9_2404,
author={Woo Hyun AHN, Sanghyeon PARK, Jaewon OH, Seung-Ho LIM, },
journal={IEICE TRANSACTIONS on Information},
title={Inishing: A UI Phishing Attack to Exploit the Vulnerability of Inotify in Android Smartphones},
year={2016},
volume={E99-D},
number={9},
pages={2404-2409},
abstract={In Android OS, we discover that a notification service called inotify is a new side-channel allowing malware to identify file accesses associated with the display of a security-relevant UI screen. This paper proposes a phishing attack that detects victim UI screens by their file accesses in applications and steals private information.},
keywords={},
doi={10.1587/transinf.2015EDL8188},
ISSN={1745-1361},
month={September},}
Copy
TY - JOUR
TI - Inishing: A UI Phishing Attack to Exploit the Vulnerability of Inotify in Android Smartphones
T2 - IEICE TRANSACTIONS on Information
SP - 2404
EP - 2409
AU - Woo Hyun AHN
AU - Sanghyeon PARK
AU - Jaewon OH
AU - Seung-Ho LIM
PY - 2016
DO - 10.1587/transinf.2015EDL8188
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E99-D
IS - 9
JA - IEICE TRANSACTIONS on Information
Y1 - September 2016
AB - In Android OS, we discover that a notification service called inotify is a new side-channel allowing malware to identify file accesses associated with the display of a security-relevant UI screen. This paper proposes a phishing attack that detects victim UI screens by their file accesses in applications and steals private information.
ER -