![Page 1: Attacks on WebView in the Android System](https://reader036.vdocuments.net/reader036/viewer/2022062310/5681634e550346895dd3ed4c/html5/thumbnails/1.jpg)
2011/12/20 YLJ@adlab
ATTACKS ON WEBVIEW IN THE ANDROID SYSTEM
Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin, Syracuse University
ACSAC 2011
Agenda
Introduction
WebView
Threat Models
Attacks from Web Pages
Attack from Malicious Apps
Case Studies
Conclusion
Introduction
WebView - enabling smartphone and tablet (both Android & iOS) apps to embed a simple but powerful browser inside them
Two parts of the Web's security infrastructure are weakened:
Trusted Computing Base (TCB) at the client side
Sandbox protection implemented by browsers
Introduction
Two objectives of the sandbox:
Isolate web pages from the system
Isolate the web pages of one origin from those of another (Same-Origin Policy, SOP)
WebView(1/4)
WebView is a subclass of View, and it is used to display web pages
It enables apps to interact with the web content through its APIs: from apps to web pages, and from web pages to apps
Three types of interactions:
Event monitoring
Invoke Java from JavaScript
Invoke JavaScript from Java
WebView(2/4)
Event monitoring
WebView(3/4)
Invoke Java from JavaScript
WebView(4/4)
Invoke JavaScript from Java
Threat Models
Attacks from Malicious Web Pages
Threat Models
Attacks from Malicious Apps
Attacks from Web Pages(1/3) Through holes in the sandbox
All pages loaded in the WebView can call the same interface
DroidGap: still needs permission
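As an added illustration (not code from the paper or the slides), the pattern behind the "hole in the sandbox" on this slide, beside one way an app author can narrow it; TRUSTED_HOST, DeviceBridge and the interface name "bridge" are assumptions for the example:

```java
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public class WebViewSetup {
    static final String TRUSTED_HOST = "app.example.com"; // assumed trusted origin

    // Java object handed to JavaScript. Whatever it can do, any page that
    // reaches window.bridge can do with the app's own permissions.
    public static class DeviceBridge {
        @JavascriptInterface // API 17+: only annotated methods are reachable
        public String getDeviceName() { return Build.MODEL; }
    }

    // The hole on the slide: the interface is registered once on the WebView
    // and is visible to every page and frame it loads later, not only the
    // first URL. A link or redirect to another origin still sees window.bridge.
    public static void setupVulnerable(WebView wv) {
        wv.getSettings().setJavaScriptEnabled(true);
        wv.addJavascriptInterface(new DeviceBridge(), "bridge");
        wv.loadUrl("https://" + TRUSTED_HOST + "/");
    }

    // Narrowed: top-level navigation stays on the trusted host; anything else
    // is handed to the system browser, which has no access to the interface.
    public static void setupHardened(WebView wv) {
        wv.getSettings().setJavaScriptEnabled(true);
        wv.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, String url) {
                if (isTrusted(url)) {
                    return false; // let the WebView load it
                }
                view.getContext().startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
                return true; // do not load it in the privileged WebView
            }
        });
        wv.addJavascriptInterface(new DeviceBridge(), "bridge");
        wv.loadUrl("https://" + TRUSTED_HOST + "/");
    }

    static boolean isTrusted(String url) {
        Uri u = Uri.parse(url);
        return "https".equals(u.getScheme()) && TRUSTED_HOST.equals(u.getHost());
    }
}
```

Third-party frames embedded inside a trusted page are not covered by this check and still see the interface; that is the frame confusion the following slides discuss.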
Attacks from Web Pages(2/3) Through Frame Confusion
Attacks from Web Pages(3/3) Through Frame Confusion
Attack from Malicious Apps(1/3)
JavaScript Injection
Event Sniffing and Hijacking
Attack from Malicious Apps(2/3)
JavaScript Injection: an Android app can inject arbitrary JavaScript code into the pages loaded by the WebView component.
Extracting Information From WebView
Attack from Malicious Apps(3/3)
Event Sniffing and Hijacking: WebView exposes a number of hooks to Android apps, allowing them to intercept events and potentially change the consequences of events.
Redirect URL
Case Studies
The goal is not to look for malicious or vulnerable apps, but instead to study how Android apps use WebView.
Usage of WebView
Usage of the WebView Hooks
Usage of addJavascriptInterface
Dex2jar
Conclusion
In our ongoing work, we are developing solutions to secure WebView.
The goal is to defend against the attacks on WebView by building desirable security features in WebView.