Chongqing Lei (Southeast University), Zhen Ling (Southeast University), Yue Zhang (Jinan University), Kai Dong (Southeast University), Kaizheng Liu (Southeast University), Junzhou Luo (Southeast University), Xinwen Fu (University of Massachusetts Lowell)

Android accessibility service was designed to assist individuals with disabilities in using Android devices. However, it has been exploited by attackers to steal user passwords due to design shortcomings. Google has implemented various countermeasures to make it difficult for these types of attacks to be successful on modern Android devices. In this paper, we present a new type of side channel attack called content queries (CONQUER) that can bypass these defenses. We discovered that Android does not prevent the content of passwords from being queried by the accessibility service, allowing malware with this service enabled to enumerate the combinations of content to brute force the password. While this attack seems simple to execute, there are several challenges that must be addressed in order to successfully launch it against real-world apps. These include the use of lazy query to differentiate targeted password strings, active query to determine the right timing for the attack, and timing- and state-based side channels to infer case-sensitive passwords. Our evaluation results demonstrate that the CONQUER attack is effective at stealing passwords, with an average one-time success rate of 64.91%. This attack also poses a threat to all Android versions from 4.1 to 12, and can be used against tens of thousands of apps. In addition, we analyzed the root cause of the CONQUER attack and discussed several countermeasures to mitigate the potential security risks it poses.

View More Papers

Augmented Reality’s Potential for Identifying and Mitigating Home Privacy...

Stefany Cruz (Northwestern University), Logan Danek (Northwestern University), Shinan Liu (University of Chicago), Christopher Kraemer (Georgia Institute of Technology), Zixin Wang (Zhejiang University), Nick Feamster (University of Chicago), Danny Yuxing Huang (New York University), Yaxing Yao (University of Maryland), Josiah Hester (Georgia Institute of Technology)

Read More

Death By A Thousand COTS: Disrupting Satellite Communications using...

Frederick Rawlins, Richard Baker and Ivan Martinovic (University of Oxford) Presenter: Frederick Rawlins

Read More

Anomaly Detection in the Open World: Normality Shift Detection,...

Dongqi Han (Tsinghua University), Zhiliang Wang (Tsinghua University), Wenqi Chen (Tsinghua University), Kai Wang (Tsinghua University), Rui Yu (Tsinghua University), Su Wang (Tsinghua University), Han Zhang (Tsinghua University), Zhihua Wang (State Grid Shanghai Municipal Electric Power Company), Minghui Jin (State Grid Shanghai Municipal Electric Power Company), Jiahai Yang (Tsinghua University), Xingang Shi (Tsinghua University), Xia…

Read More

Drone Security and the Mysterious Case of DJI's DroneID

Nico Schiller (Ruhr-Universität Bochum), Merlin Chlosta (CISPA Helmholtz Center for Information Security), Moritz Schloegel (Ruhr-Universität Bochum), Nils Bars (Ruhr University Bochum), Thorsten Eisenhofer (Ruhr University Bochum), Tobias Scharnowski (Ruhr-University Bochum), Felix Domke (Independent), Lea Schönherr (CISPA Helmholtz Center for Information Security), Thorsten Holz (CISPA Helmholtz Center for Information Security)

Read More