Screenmilker: How to Milk Your Android Screen for Secrets
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
Many third-party Android apps such as screenshot and USB tethering require access to critical system resources. A typical way to do so is using Android Debug Bridge (ADB). However, we find that such ADB-level capabilities are not well guarded by Android. We further present Screenmilker, a situation-aware app that exploits these capabilities to stealthily extract users’ passwords in real time.