Please use this identifier to cite or link to this item:
https://www.um.edu.mt/library/oar/handle/123456789/91722
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.date.accessioned | 2022-03-17T16:49:26Z | - |
dc.date.available | 2022-03-17T16:49:26Z | - |
dc.date.issued | 2019 | - |
dc.identifier.citation | Bellizzi, J., Vella, M., & Colombo, C. (2019). Living off Android’s accessible land. Computer Science Annual Workshop (No. CS-2019-03). University of Malta | en_GB |
dc.identifier.uri | https://www.um.edu.mt/library/oar/handle/123456789/91722 | - |
dc.description.abstract | Android’s accessibility services provide individuals having disabilities, including visual, hearing, physical, and/or speech impairments, with tools to enhance their ability to access and interact with apps. Even though this feature was originally intended exclusively for users with disabilities, this is not always the case. Besides being used to automate processes in apps such as password managers (e.g., LastPass), malware is also abusing this powerful feature to perform nefarious operations. In this talk, we demonstrate how accessibility can be used to bypass assumed security features. By using a ‘living off the land’ (LOtL) approach, malware is able to use accessibility to piggyback on existing applications to grant it full access to their privileged functionality whilst achieving long-term stealth. This is demonstrated through a number of use cases including an SMS hijack implementation and WhatsApp message theft and exfiltration, all of which are executed using only the accessibility permission. These use cases will form a basis for the development of a pentest tool which will be used to perform a threat analysis on the permissions that can be bypassed through the use of accessibility across different Android versions and configurations. | en_GB |
dc.language.iso | en | en_GB |
dc.publisher | University of Malta. Department of Computer Science | en_GB |
dc.rights | info:eu-repo/semantics/restrictedAccess | en_GB |
dc.subject | Androids | en_GB |
dc.subject | Assistive computer technology | en_GB |
dc.subject | Malware (Computer software) | en_GB |
dc.title | Living off Android’s accessible land | en_GB |
dc.title.alternative | Computer science annual workshop | en_GB |
dc.type | report | en_GB |
dc.rights.holder | The copyright of this work belongs to the author(s)/publisher. The rights of this work are as defined by the appropriate Copyright Legislation or as modified by any successive legislation. Users may access this work and can make use of the information contained in accordance with the Copyright Legislation provided that the author must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the prior permission of the copyright holder | en_GB |
dc.description.reviewed | N/A | en_GB |
dc.contributor.creator | Leguesse, Yonas | - |
dc.contributor.creator | Vella, Mark Joseph | - |
dc.contributor.creator | Colombo, Christian | - |
Appears in Collections: Scholarly Works - FacICTCS
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
Living_off_androids_accessible_land.pdf (Restricted Access) | | 167.97 kB | Adobe PDF | |
Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.