Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Feature stops apps from stealing phone users' passwords

27.06.2013
Imagine downloading a NetFlix app to your phone so that you can watch movies on the go. You would expect the app to request your account's username and password the first time it runs. Most apps do.

But, not all apps are what they appear to be. They can steal log-in and password information. In 2011, researchers at North Carolina State University discovered a convincing imitation of the real Netflix app that forwarded users' login details to an untrusted server. And, in June, the security firm F-Secure discovered a malicious, fake version of the popular game "Bad Piggies" in the Google Play Store.

Attacks like these are rare, said Duke computer scientist Landon Cox, but, "we will likely see more of them in the future." To protect users against the threat of malicious apps, Cox and his team have built ScreenPass. ScreenPass adds new features to an Android phone's operating system to prevent malicious apps from stealing a user's passwords.

"Passwords are a critical glue between mobile apps and remote cloud services," Cox said. "The problem right now is that users have no idea what happens to the passwords they give to their apps."

This is where ScreenPass comes in. It provides a special-purpose software keyboard for users to securely enter sensitive text such as passwords. An area below the keyboard allows users to tell ScreenPass where they want their text sent, such as Google, Facebook, or Twitter. ScreenPass then tracks a users' password data as the app runs and notifies the user if an app tries to send a password to the wrong place.

ScreenPass guarantees that users always input passwords through the secure keyboard. It does this by using computer vision to periodically scan the screen for untrusted keyboards.

"If a malicious app can trick a user into inputting their password through a fake keyboard, then there is no way to guarantee that an app's password is sent only to the right servers," Cox said. If ScreenPass detects an untrusted keyboard, then an app may be trying to "spoof" the secure keyboard in order to steal the user's password.

Cox and his team presented ScreenPass at the MobiSys 2013 conference in Taipei on June 27.

In trials on a prototype phone, ScreenPass detected attack keyboards that tried to avoid detection by changing the font, color, and blurriness of letters on the keys. "The only attack keyboard that ScreenPass could not detect was a keyboard with a flowery background that blended in with the keyboard letters," Cox said.

He and his team also installed ScreenPass on the phones of 18 volunteers for three weeks to test how user-friendly it was. Users reported no additional burden at having to tell ScreenPass where their passwords should be sent.

Finally, testing ScreenPass on 27 apps from the Android Marketplace, the team found three apps sent passwords over the network in plaintext, four stored passwords in the local file system without encryption, and three apps sent passwords from different domains to a third-party server owned by the app developer. Cox would not provide the names of the apps, but said ScreenPass also easily detected the fake Netflix app.

Cox's team plans to make ScreenPass publicly available to continue to improve smartphone password security.

Citation: "ScreenPass: Secure Password Entry on Touchscreen Devices." Liu, D. et. al. MobiSys 2013. June 27, 2013.

Ashley Yeager | EurekAlert!
Further information:
http://www.duke.edu

More articles from Information Technology:

nachricht Putting food-safety detection in the hands of consumers
15.11.2018 | Massachusetts Institute of Technology

nachricht Next stop Morocco: EU partners test innovative space robotics technologies in the Sahara desert
09.11.2018 | Deutsches Forschungszentrum für Künstliche Intelligenz GmbH, DFKI

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: A Chip with Blood Vessels

Biochips have been developed at TU Wien (Vienna), on which tissue can be produced and examined. This allows supplying the tissue with different substances in a very controlled way.

Cultivating human cells in the Petri dish is not a big challenge today. Producing artificial tissue, however, permeated by fine blood vessels, is a much more...

Im Focus: A Leap Into Quantum Technology

Faster and secure data communication: This is the goal of a new joint project involving physicists from the University of Würzburg. The German Federal Ministry of Education and Research funds the project with 14.8 million euro.

In our digital world data security and secure communication are becoming more and more important. Quantum communication is a promising approach to achieve...

Im Focus: Research icebreaker Polarstern begins the Antarctic season

What does it look like below the ice shelf of the calved massive iceberg A68?

On Saturday, 10 November 2018, the research icebreaker Polarstern will leave its homeport of Bremerhaven, bound for Cape Town, South Africa.

Im Focus: Penn engineers develop ultrathin, ultralight 'nanocardboard'

When choosing materials to make something, trade-offs need to be made between a host of properties, such as thickness, stiffness and weight. Depending on the application in question, finding just the right balance is the difference between success and failure

Now, a team of Penn Engineers has demonstrated a new material they call "nanocardboard," an ultrathin equivalent of corrugated paper cardboard. A square...

Im Focus: Coping with errors in the quantum age

Physicists at ETH Zurich demonstrate how errors that occur during the manipulation of quantum system can be monitored and corrected on the fly

The field of quantum computation has seen tremendous progress in recent years. Bit by bit, quantum devices start to challenge conventional computers, at least...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

“3rd Conference on Laser Polishing – LaP 2018” Attracts International Experts and Users

09.11.2018 | Event News

On the brain’s ability to find the right direction

06.11.2018 | Event News

European Space Talks: Weltraumschrott – eine Gefahr für die Gesellschaft?

23.10.2018 | Event News

 
Latest News

Massive impact crater from a kilometer-wide iron meteorite discovered in Greenland

15.11.2018 | Earth Sciences

When electric fields make spins swirl

15.11.2018 | Physics and Astronomy

Discovery of a cool super-Earth

15.11.2018 | Physics and Astronomy

VideoLinks
Science & Research
Overview of more VideoLinks >>>