But, not all apps are what they appear to be. They can steal log-in and password information. In 2011, researchers at North Carolina State University discovered a convincing imitation of the real Netflix app that forwarded users' login details to an untrusted server. And, in June, the security firm F-Secure discovered a malicious, fake version of the popular game "Bad Piggies" in the Google Play Store.
Attacks like these are rare, said Duke computer scientist Landon Cox, but, "we will likely see more of them in the future." To protect users against the threat of malicious apps, Cox and his team have built ScreenPass. ScreenPass adds new features to an Android phone's operating system to prevent malicious apps from stealing a user's passwords.
"Passwords are a critical glue between mobile apps and remote cloud services," Cox said. "The problem right now is that users have no idea what happens to the passwords they give to their apps."
This is where ScreenPass comes in. It provides a special-purpose software keyboard for users to securely enter sensitive text such as passwords. An area below the keyboard allows users to tell ScreenPass where they want their text sent, such as Google, Facebook, or Twitter. ScreenPass then tracks a users' password data as the app runs and notifies the user if an app tries to send a password to the wrong place.
ScreenPass guarantees that users always input passwords through the secure keyboard. It does this by using computer vision to periodically scan the screen for untrusted keyboards.
"If a malicious app can trick a user into inputting their password through a fake keyboard, then there is no way to guarantee that an app's password is sent only to the right servers," Cox said. If ScreenPass detects an untrusted keyboard, then an app may be trying to "spoof" the secure keyboard in order to steal the user's password.
Cox and his team presented ScreenPass at the MobiSys 2013 conference in Taipei on June 27.
In trials on a prototype phone, ScreenPass detected attack keyboards that tried to avoid detection by changing the font, color, and blurriness of letters on the keys. "The only attack keyboard that ScreenPass could not detect was a keyboard with a flowery background that blended in with the keyboard letters," Cox said.
He and his team also installed ScreenPass on the phones of 18 volunteers for three weeks to test how user-friendly it was. Users reported no additional burden at having to tell ScreenPass where their passwords should be sent.
Finally, testing ScreenPass on 27 apps from the Android Marketplace, the team found three apps sent passwords over the network in plaintext, four stored passwords in the local file system without encryption, and three apps sent passwords from different domains to a third-party server owned by the app developer. Cox would not provide the names of the apps, but said ScreenPass also easily detected the fake Netflix app.
Cox's team plans to make ScreenPass publicly available to continue to improve smartphone password security.
Citation: "ScreenPass: Secure Password Entry on Touchscreen Devices." Liu, D. et. al. MobiSys 2013. June 27, 2013.
Ashley Yeager | EurekAlert!
Cutting edge research for the industries of tomorrow – DFKI and NICT expand cooperation
21.03.2017 | Deutsches Forschungszentrum für Künstliche Intelligenz GmbH, DFKI
Molecular motor-powered biocomputers
20.03.2017 | Technische Universität Dresden
The Institute of Semiconductor Technology and the Institute of Physical and Theoretical Chemistry, both members of the Laboratory for Emerging Nanometrology (LENA), at Technische Universität Braunschweig are partners in a new European research project entitled ChipScope, which aims to develop a completely new and extremely small optical microscope capable of observing the interior of living cells in real time. A consortium of 7 partners from 5 countries will tackle this issue with very ambitious objectives during a four-year research program.
To demonstrate the usefulness of this new scientific tool, at the end of the project the developed chip-sized microscope will be used to observe in real-time...
Astronomers from Bonn and Tautenburg in Thuringia (Germany) used the 100-m radio telescope at Effelsberg to observe several galaxy clusters. At the edges of these large accumulations of dark matter, stellar systems (galaxies), hot gas, and charged particles, they found magnetic fields that are exceptionally ordered over distances of many million light years. This makes them the most extended magnetic fields in the universe known so far.
The results will be published on March 22 in the journal „Astronomy & Astrophysics“.
Galaxy clusters are the largest gravitationally bound structures in the universe. With a typical extent of about 10 million light years, i.e. 100 times the...
Researchers at the Goethe University Frankfurt, together with partners from the University of Tübingen in Germany and Queen Mary University as well as Francis Crick Institute from London (UK) have developed a novel technology to decipher the secret ubiquitin code.
Ubiquitin is a small protein that can be linked to other cellular proteins, thereby controlling and modulating their functions. The attachment occurs in many...
In the eternal search for next generation high-efficiency solar cells and LEDs, scientists at Los Alamos National Laboratory and their partners are creating...
Silicon nanosheets are thin, two-dimensional layers with exceptional optoelectronic properties very similar to those of graphene. Albeit, the nanosheets are less stable. Now researchers at the Technical University of Munich (TUM) have, for the first time ever, produced a composite material combining silicon nanosheets and a polymer that is both UV-resistant and easy to process. This brings the scientists a significant step closer to industrial applications like flexible displays and photosensors.
Silicon nanosheets are thin, two-dimensional layers with exceptional optoelectronic properties very similar to those of graphene. Albeit, the nanosheets are...
20.03.2017 | Event News
14.03.2017 | Event News
07.03.2017 | Event News
28.03.2017 | Physics and Astronomy
28.03.2017 | Health and Medicine
28.03.2017 | Life Sciences