Author(s): Chia-Chi Lin, Hongyang Li, Xiaoyong Zhou, XiaoFeng Wang

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014


Many third-party Android apps such as screenshot and USB tethering require access to critical system resources. A typical way to do so is using Android Debug Bridge (ADB). However, we find that such ADB-level capabilities are not well guarded by Android. We further present Screenmilker, a situation-aware app that exploits these capabilities to stealthily extract users’ passwords in real time.