But, not all apps are what they appear to be. They can steal log-in and password information. In 2011, researchers at North Carolina State University discovered a convincing imitation of the real Netflix app that forwarded users' login details to an untrusted server. And, in June, the security firm F-Secure discovered a malicious, fake version of the popular game "Bad Piggies" in the Google Play Store.
Attacks like these are rare, said Duke computer scientist Landon Cox, but, "we will likely see more of them in the future." To protect users against the threat of malicious apps, Cox and his team have built ScreenPass. ScreenPass adds new features to an Android phone's operating system to prevent malicious apps from stealing a user's passwords.
"Passwords are a critical glue between mobile apps and remote cloud services," Cox said. "The problem right now is that users have no idea what happens to the passwords they give to their apps."
This is where ScreenPass comes in. It provides a special-purpose software keyboard for users to securely enter sensitive text such as passwords. An area below the keyboard allows users to tell ScreenPass where they want their text sent, such as Google, Facebook, or Twitter. ScreenPass then tracks a users' password data as the app runs and notifies the user if an app tries to send a password to the wrong place.
ScreenPass guarantees that users always input passwords through the secure keyboard. It does this by using computer vision to periodically scan the screen for untrusted keyboards.
"If a malicious app can trick a user into inputting their password through a fake keyboard, then there is no way to guarantee that an app's password is sent only to the right servers," Cox said. If ScreenPass detects an untrusted keyboard, then an app may be trying to "spoof" the secure keyboard in order to steal the user's password.
Cox and his team presented ScreenPass at the MobiSys 2013 conference in Taipei on June 27.
In trials on a prototype phone, ScreenPass detected attack keyboards that tried to avoid detection by changing the font, color, and blurriness of letters on the keys. "The only attack keyboard that ScreenPass could not detect was a keyboard with a flowery background that blended in with the keyboard letters," Cox said.
He and his team also installed ScreenPass on the phones of 18 volunteers for three weeks to test how user-friendly it was. Users reported no additional burden at having to tell ScreenPass where their passwords should be sent.
Finally, testing ScreenPass on 27 apps from the Android Marketplace, the team found three apps sent passwords over the network in plaintext, four stored passwords in the local file system without encryption, and three apps sent passwords from different domains to a third-party server owned by the app developer. Cox would not provide the names of the apps, but said ScreenPass also easily detected the fake Netflix app.
Cox's team plans to make ScreenPass publicly available to continue to improve smartphone password security.
Citation: "ScreenPass: Secure Password Entry on Touchscreen Devices." Liu, D. et. al. MobiSys 2013. June 27, 2013.
Ashley Yeager | EurekAlert!
Paint job transforms walls into sensors, interactive surfaces
24.04.2018 | Carnegie Mellon University
Researchers illuminate the path to a new era of microelectronics
23.04.2018 | Boston University College of Engineering
At the Hannover Messe 2018, the Bundesanstalt für Materialforschung und-prüfung (BAM) will show how, in the future, astronauts could produce their own tools or spare parts in zero gravity using 3D printing. This will reduce, weight and transport costs for space missions. Visitors can experience the innovative additive manufacturing process live at the fair.
Powder-based additive manufacturing in zero gravity is the name of the project in which a component is produced by applying metallic powder layers and then...
Physicists at the Laboratory for Attosecond Physics, which is jointly run by Ludwig-Maximilians-Universität and the Max Planck Institute of Quantum Optics, have developed a high-power laser system that generates ultrashort pulses of light covering a large share of the mid-infrared spectrum. The researchers envisage a wide range of applications for the technology – in the early diagnosis of cancer, for instance.
Molecules are the building blocks of life. Like all other organisms, we are made of them. They control our biorhythm, and they can also reflect our state of...
University of Connecticut researchers have created a biodegradable composite made of silk fibers that can be used to repair broken load-bearing bones without the complications sometimes presented by other materials.
Repairing major load-bearing bones such as those in the leg can be a long and uncomfortable process.
Study published in the journal ACS Applied Materials & Interfaces is the outcome of an international effort that included teams from Dresden and Berlin in Germany, and the US.
Scientists at the Helmholtz-Zentrum Dresden-Rossendorf (HZDR) together with colleagues from the Helmholtz-Zentrum Berlin (HZB) and the University of Virginia...
Novel highly efficient and brilliant gamma-ray source: Based on model calculations, physicists of the Max PIanck Institute for Nuclear Physics in Heidelberg propose a novel method for an efficient high-brilliance gamma-ray source. A giant collimated gamma-ray pulse is generated from the interaction of a dense ultra-relativistic electron beam with a thin solid conductor. Energetic gamma-rays are copiously produced as the electron beam splits into filaments while propagating across the conductor. The resulting gamma-ray energy and flux enable novel experiments in nuclear and fundamental physics.
The typical wavelength of light interacting with an object of the microcosm scales with the size of this object. For atoms, this ranges from visible light to...
13.04.2018 | Event News
12.04.2018 | Event News
09.04.2018 | Event News
24.04.2018 | Life Sciences
24.04.2018 | Materials Sciences
24.04.2018 | Trade Fair News