UI Redressing Attacks on Android Devices Revisited

Source: https://www.youtube.com/watch?v=QwqZLIEP2Gc&list=PLhUfFfySNmGXVikmiEWsw0iXBZ5IWOy8O&index=5


Clickjacking (click hijacking): a subset of UI redressing. The attacker makes an iframe (or some other element) transparent and lays it over a decoy page, so the user cannot tell what is really being clicked. When the user happens to click on a button inside the hidden frame, that button's event handler fires and the clickjacking succeeds.

Variants of clickjacking: cursorjacking, filejacking, tabnabbing and tapjacking.

In general the victim has to be using a web browser.

UI redressing countermeasures: frame-busting JavaScript in the page; HTTP headers: X-Frame-Options and Content-Security-Policy (frame-ancestors); NoScript on the client side.
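As an added example (not from the talk or the original post), the following Java class models how a browser applies the two header-based countermeasures above: it returns the headers a server should send, and decides whether a page with given response headers may be framed by a given top-level origin. The origins, host names and header values in main are constructed for the demonstration; the CSP source-expression parser covers only 'none', 'self', scheme-source and host-source (with a leading "*." wildcard), which is enough for real frame-ancestors policies but is not a complete CSP implementation.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

/** Models how a browser decides, from response headers, whether a page may be framed. */
public class FramingPolicy {

    /** Headers a server should send for a page that must never be embedded. */
    static Map<String, String> noFramingHeaders() {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("X-Frame-Options", "DENY");                           // understood by old browsers
        h.put("Content-Security-Policy", "frame-ancestors 'none'"); // modern browsers; wins when both are sent
        return h;
    }

    /**
     * True if a top-level page at framerOrigin may embed the page at pageOrigin.
     * Origins are written as scheme://host[:port]. Header names are case-insensitive.
     */
    static boolean framingAllowed(Map<String, String> headers, String pageOrigin, String framerOrigin) {
        String ancestors = directive(header(headers, "Content-Security-Policy"), "frame-ancestors");
        if (ancestors != null) {                // CSP frame-ancestors present: X-Frame-Options is ignored
            for (String src : ancestors.trim().split("\\s+")) {
                if (!src.isEmpty() && sourceMatches(src, pageOrigin, framerOrigin)) return true;
            }
            return false;                       // 'none', empty list, or nothing matched
        }
        String xfo = header(headers, "X-Frame-Options");
        if (xfo == null) return true;           // no policy at all: anyone may frame the page
        String v = xfo.trim().toUpperCase(Locale.ROOT);
        if (v.equals("DENY")) return false;
        if (v.equals("SAMEORIGIN")) return sameOrigin(pageOrigin, framerOrigin);
        return true;                            // obsolete ALLOW-FROM and typos are ignored, like a missing header
    }

    /** Subset of CSP source matching: 'none', 'self', scheme-source, host-source with optional "*." and port. */
    private static boolean sourceMatches(String src, String pageOrigin, String framerOrigin) {
        String s = src.toLowerCase(Locale.ROOT);
        if (s.equals("'none'")) return false;
        if (s.equals("'self'")) return sameOrigin(pageOrigin, framerOrigin);
        if (s.startsWith("'")) return false;    // other keywords never match a frame ancestor
        URI f = URI.create(framerOrigin.toLowerCase(Locale.ROOT));
        if (s.endsWith(":") && !s.contains("/")) return s.equals(f.getScheme() + ":"); // e.g. "https:"
        String scheme = null, hostPort = s;
        int i = s.indexOf("://");
        if (i >= 0) { scheme = s.substring(0, i); hostPort = s.substring(i + 3); }
        String host = hostPort;
        int port = -1;
        int c = hostPort.lastIndexOf(':');
        if (c >= 0) {
            host = hostPort.substring(0, c);
            String p = hostPort.substring(c + 1);
            if (!p.equals("*")) port = Integer.parseInt(p);   // ":*" matches any port
        }
        if (scheme != null && !scheme.equals(f.getScheme())) return false;
        if (port >= 0 && port != effectivePort(f)) return false;
        String fh = f.getHost();
        return host.startsWith("*.") ? fh.endsWith(host.substring(1)) : host.equals(fh);
    }

    private static boolean sameOrigin(String a, String b) {
        URI x = URI.create(a.toLowerCase(Locale.ROOT)), y = URI.create(b.toLowerCase(Locale.ROOT));
        return x.getScheme().equals(y.getScheme()) && x.getHost().equals(y.getHost())
                && effectivePort(x) == effectivePort(y);
    }

    private static int effectivePort(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equals(u.getScheme()) ? 443 : 80;
    }

    private static String header(Map<String, String> headers, String name) {
        for (Map.Entry<String, String> e : headers.entrySet())
            if (e.getKey().equalsIgnoreCase(name)) return e.getValue();
        return null;
    }

    /** Value of one CSP directive, or null if the policy is absent or lacks that directive. */
    private static String directive(String csp, String name) {
        if (csp == null) return null;
        for (String d : csp.split(";")) {
            String t = d.trim();
            if (t.equalsIgnoreCase(name)) return "";
            if (t.toLowerCase(Locale.ROOT).startsWith(name + " ")) return t.substring(name.length() + 1);
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed origins and header sets for the demonstration.
        String bank = "https://bank.example", attacker = "https://evil.example", partner = "https://app.partner.example";
        Map<String, String> noHeaders = new LinkedHashMap<>();
        Map<String, String> sameOriginOnly = Map.of("X-Frame-Options", "SAMEORIGIN");
        Map<String, String> cspWins = new LinkedHashMap<>();
        cspWins.put("X-Frame-Options", "DENY");   // on its own this would block every ancestor ...
        cspWins.put("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self' https://*.partner.example");

        show("no headers, attacker frames bank", framingAllowed(noHeaders, bank, attacker));
        show("DENY + frame-ancestors 'none', attacker frames bank", framingAllowed(noFramingHeaders(), bank, attacker));
        show("SAMEORIGIN, bank frames bank", framingAllowed(sameOriginOnly, bank, bank));
        show("SAMEORIGIN, attacker frames bank", framingAllowed(sameOriginOnly, bank, attacker));
        show("DENY but CSP allows partner, partner frames bank", framingAllowed(cspWins, bank, partner));
        show("DENY but CSP allows partner, attacker frames bank", framingAllowed(cspWins, bank, attacker));
    }

    private static void show(String scenario, boolean allowed) {
        System.out.println(scenario + " -> " + (allowed ? "frameable" : "blocked"));
    }
}
```

Two practical points the cases above make: send both headers, because browsers that understand frame-ancestors ignore X-Frame-Options entirely (so an allow-list in CSP overrides a DENY), while older browsers only honour X-Frame-Options; and prefer the headers over a frame-busting script, since a script can be neutralised by loading the page in a sandboxed iframe that forbids top-level navigation.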

UI redressing: porting to Android

Easily ported: classic clickjacking, classjacking, strokejacking (the browser only has to support frames, CSS and JavaScript); nested clickjacking, filejacking (the browser has to support the required features, e.g. HTML5 attributes), tabnabbing, content extraction, event recycling and SVG masking.

Non-transferable attacks: cursorjacking (there is no pointer cursor to fake on a touch screen), double clickjacking, cookiejacking (IE only).

New browserless attacks: basic principle: the user taps what looks like the app in front, but the tap is actually delivered to a hidden app behind it; the decoy drawn in front does not consume touches, so they pass straight through to the target underneath.

In the demo, the app on the right is the decoy shown in front and the phone dialer is the app hidden behind it; tapping "go for it" actually placed a call.

Mitigation technique: when the app's window is obscured by another window, taps on its buttons do not trigger their handlers, i.e. call setFilterTouchesWhenObscured() or set the android:filterTouchesWhenObscured attribute. Available since API level 9 (Android 2.3); not enabled by default, so every sensitive view has to opt in.
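As an added example (my code, not from the talk or the original post), this Android snippet applies the mitigation to the "go for it" button from the demo. It opts in with setFilterTouchesWhenObscured(true), the programmatic form of android:filterTouchesWhenObscured="true", and additionally overrides View.onFilterTouchEventForSecurity() so that a rejected touch is logged rather than dropped silently. The class names, the log tag and the placeCall() stub are assumptions made for the example; it targets API level 9 or later, where the flag and MotionEvent.FLAG_WINDOW_IS_OBSCURED exist.

```java
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

/** A button that refuses touches delivered while another window is drawn over it. */
class GuardedButton extends Button {
    private static final String TAG = "TapjackingGuard";   // hypothetical log tag

    GuardedButton(Context context) {
        super(context);
        // Same effect as android:filterTouchesWhenObscured="true" in the layout XML:
        // the framework drops any touch whose MotionEvent carries FLAG_WINDOW_IS_OBSCURED.
        // Off by default, so sensitive views must opt in explicitly.
        setFilterTouchesWhenObscured(true);
    }

    // The framework calls this before dispatching every touch to the view. With the flag
    // above set, the default implementation already discards obscured touches; overriding
    // it keeps that behaviour and records the attempt, which the silent drop would not do.
    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        boolean obscured = (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        if (obscured) {
            Log.w(TAG, "Dropped touch: another window is covering this button");
            return false;   // reject: no click listener will run for this event
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}

/** Screen whose only action is the sensitive call button from the talk's demo (hypothetical). */
public class ConfirmCallActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        GuardedButton go = new GuardedButton(this);
        go.setText("Go for it");
        go.setOnClickListener(v -> placeCall());   // reached only by touches that passed the filter
        setContentView(go);
    }

    private void placeCall() {
        // Stand-in for the real dialling code; only runs for a tap that was not obscured.
        Log.i("TapjackingGuard", "Placing the call: the tap was not obscured");
    }
}
```

Two caveats for practitioners: FLAG_WINDOW_IS_OBSCURED is only set when the touch passed through another window over the touched point, so a decoy covering the rest of the screen but leaving the button exposed is not caught by it (API level 29 adds FLAG_WINDOW_IS_PARTIALLY_OBSCURED for that case); and the protection is per view, so a view that forgets to opt in is still tappable under an overlay. Newer Android releases (12 and later) also block touches passing through opaque overlay windows of other apps at the system level, but the per-view flag remains the portable defence.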

Conclusions:

1. Most traditional UI redressing attacks also succeed on Android devices.

2. On mobile phones, an attacker can carry out UI redressing both with and without a browser.

3. Countermeasures: XFO, CSP, setFilterTouchesWhenObscured().

Posted on 2015-05-30 11:33 by CarrieSmile