Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Feature stops apps from stealing phone users' passwords

27.06.2013
Imagine downloading a NetFlix app to your phone so that you can watch movies on the go. You would expect the app to request your account's username and password the first time it runs. Most apps do.

But, not all apps are what they appear to be. They can steal log-in and password information. In 2011, researchers at North Carolina State University discovered a convincing imitation of the real Netflix app that forwarded users' login details to an untrusted server. And, in June, the security firm F-Secure discovered a malicious, fake version of the popular game "Bad Piggies" in the Google Play Store.

Attacks like these are rare, said Duke computer scientist Landon Cox, but, "we will likely see more of them in the future." To protect users against the threat of malicious apps, Cox and his team have built ScreenPass. ScreenPass adds new features to an Android phone's operating system to prevent malicious apps from stealing a user's passwords.

"Passwords are a critical glue between mobile apps and remote cloud services," Cox said. "The problem right now is that users have no idea what happens to the passwords they give to their apps."

This is where ScreenPass comes in. It provides a special-purpose software keyboard for users to securely enter sensitive text such as passwords. An area below the keyboard allows users to tell ScreenPass where they want their text sent, such as Google, Facebook, or Twitter. ScreenPass then tracks a users' password data as the app runs and notifies the user if an app tries to send a password to the wrong place.

ScreenPass guarantees that users always input passwords through the secure keyboard. It does this by using computer vision to periodically scan the screen for untrusted keyboards.

"If a malicious app can trick a user into inputting their password through a fake keyboard, then there is no way to guarantee that an app's password is sent only to the right servers," Cox said. If ScreenPass detects an untrusted keyboard, then an app may be trying to "spoof" the secure keyboard in order to steal the user's password.

Cox and his team presented ScreenPass at the MobiSys 2013 conference in Taipei on June 27.

In trials on a prototype phone, ScreenPass detected attack keyboards that tried to avoid detection by changing the font, color, and blurriness of letters on the keys. "The only attack keyboard that ScreenPass could not detect was a keyboard with a flowery background that blended in with the keyboard letters," Cox said.

He and his team also installed ScreenPass on the phones of 18 volunteers for three weeks to test how user-friendly it was. Users reported no additional burden at having to tell ScreenPass where their passwords should be sent.

Finally, testing ScreenPass on 27 apps from the Android Marketplace, the team found three apps sent passwords over the network in plaintext, four stored passwords in the local file system without encryption, and three apps sent passwords from different domains to a third-party server owned by the app developer. Cox would not provide the names of the apps, but said ScreenPass also easily detected the fake Netflix app.

Cox's team plans to make ScreenPass publicly available to continue to improve smartphone password security.

Citation: "ScreenPass: Secure Password Entry on Touchscreen Devices." Liu, D. et. al. MobiSys 2013. June 27, 2013.

Ashley Yeager | EurekAlert!
Further information:
http://www.duke.edu

More articles from Information Technology:

nachricht Construction of practical quantum computers radically simplified
05.12.2016 | University of Sussex

nachricht UT professor develops algorithm to improve online mapping of disaster areas
29.11.2016 | University of Tennessee at Knoxville

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Shape matters when light meets atom

Mapping the interaction of a single atom with a single photon may inform design of quantum devices

Have you ever wondered how you see the world? Vision is about photons of light, which are packets of energy, interacting with the atoms or molecules in what...

Im Focus: Novel silicon etching technique crafts 3-D gradient refractive index micro-optics

A multi-institutional research collaboration has created a novel approach for fabricating three-dimensional micro-optics through the shape-defined formation of porous silicon (PSi), with broad impacts in integrated optoelectronics, imaging, and photovoltaics.

Working with colleagues at Stanford and The Dow Chemical Company, researchers at the University of Illinois at Urbana-Champaign fabricated 3-D birefringent...

Im Focus: Quantum Particles Form Droplets

In experiments with magnetic atoms conducted at extremely low temperatures, scientists have demonstrated a unique phase of matter: The atoms form a new type of quantum liquid or quantum droplet state. These so called quantum droplets may preserve their form in absence of external confinement because of quantum effects. The joint team of experimental physicists from Innsbruck and theoretical physicists from Hannover report on their findings in the journal Physical Review X.

“Our Quantum droplets are in the gas phase but they still drop like a rock,” explains experimental physicist Francesca Ferlaino when talking about the...

Im Focus: MADMAX: Max Planck Institute for Physics takes up axion research

The Max Planck Institute for Physics (MPP) is opening up a new research field. A workshop from November 21 - 22, 2016 will mark the start of activities for an innovative axion experiment. Axions are still only purely hypothetical particles. Their detection could solve two fundamental problems in particle physics: What dark matter consists of and why it has not yet been possible to directly observe a CP violation for the strong interaction.

The “MADMAX” project is the MPP’s commitment to axion research. Axions are so far only a theoretical prediction and are difficult to detect: on the one hand,...

Im Focus: Molecules change shape when wet

Broadband rotational spectroscopy unravels structural reshaping of isolated molecules in the gas phase to accommodate water

In two recent publications in the Journal of Chemical Physics and in the Journal of Physical Chemistry Letters, researchers around Melanie Schnell from the Max...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

ICTM Conference 2017: Production technology for turbomachine manufacturing of the future

16.11.2016 | Event News

Innovation Day Laser Technology – Laser Additive Manufacturing

01.11.2016 | Event News

#IC2S2: When Social Science meets Computer Science - GESIS will host the IC2S2 conference 2017

14.10.2016 | Event News

 
Latest News

High-precision magnetic field sensing

05.12.2016 | Power and Electrical Engineering

Construction of practical quantum computers radically simplified

05.12.2016 | Information Technology

NASA's AIM observes early noctilucent ice clouds over Antarctica

05.12.2016 | Earth Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>