Post-graduate theses

Identifier 000441193
Title This greedy piggy went to the Ad market : stealing users' (Input) data using mobile sensors
Author Μουστάκας, Σεραφείμ Ι.
Thesis advisor Μαρκάτος, Ευάγγελος
Reviewer Ιωαννίδης, Σωτήριος
Χριστοφίδης, Βασίλης
Abstract Mobile sensors in modern smartphones play a crucial role in the human-computer confluence by enhancing and transforming the user experience. However, misuse of mobile sensors combined with the absence of sufficient access control mechanisms introduces a plethora of privacy and security risks. As previously demonstrated, there is a wide range of sensor-based attacks using the rich data captured from mobile sensors, and while previous attack paths depended on specific requirements such as malware or visiting a webpage, we found that an alternative and stealthier approach exists and affects all Android users without any requirements. In this thesis we introduce a novel attack channel that abuses the advertising ecosystem for delivering a variety of sophisticated and sneaky attacks using mobile sensors. The proposed threat model does not depend on app permissions or user-specific actions and affects all Android apps that contain in-app advertisements, due to improper access control for sensor data in WebViews. We explain how motion sensor data can be used to infer users' sensitive touch input (PIN, password, credit card info, etc.) in two distinct attack scenarios, namely intra-app and inter-app data exfiltration. The former targets information obtained from the app that displays the in-app ads, while the latter targets every other Android app installed on the device. Unfortunately, as in-app ads have the ability to "piggyback" on the permissions obtained for the app's core functionality, they can also obtain information from other sensors such as the camera, the microphone and the GPS. To provide a comprehensive assessment of this emerging threat, we conduct a large-scale, end-to-end, dynamic analysis of in-app ads that access mobile sensors in applications found in Google Play.
We find that in-app ads access and leak data obtained from motion sensors in the wild and emphasize the need for a strict access control policy that should be adopted and standardized to better protect users and the advertising ecosystem.
Language English
Subject Android
Digital advertising
Privacy
Security
Issue date 2021-07-30
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
  Type of Work--Post-graduate theses
Permanent Link https://elocus.lib.uoc.gr//dlib/f/7/5/metadata-dlib-1626160341-827749-2012.tkl
Views 521

Digital Documents
No preview available

No permission to view document.
It won't be available until: 2024-07-30