Inishing: A UI Phishing Attack to Exploit the Vulnerability of Inotify in Android Smartphones

Woo Hyun AHN  Sanghyeon PARK  Jaewon OH  Seung-Ho LIM  

IEICE TRANSACTIONS on Information and Systems   Vol.E99-D   No.9   pp.2404-2409
Publication Date: 2016/09/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2015EDL8188
Type of Manuscript: LETTER
Category: Dependable Computing
security,  Android OS,  malware,  inotify,  phishing attack,  

Full Text: PDF>>
Buy this Article

In Android OS, we discover that a notification service called inotify is a new side-channel allowing malware to identify file accesses associated with the display of a security-relevant UI screen. This paper proposes a phishing attack that detects victim UI screens by their file accesses in applications and steals private information.