Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Credentials can be stolen in UI state inference attack

Credentials can be stolen in UI state inference attack

2014/08/22

Softpedia - (International) Researchers presenting at the USENIX Security Symposium published a paper outlining a new form of attack called a user interface (UI) inference attack that can steal Android users' credentials by conducting a side-channel attack relying on a common shared-memory mechanism used by window managers. The attack uses a malicious app that does not require permissions and the researchers believe that the same vulnerability likely exists in other operating systems such as iOS, Windows, and OSX.

Source: http://news.softpedia.com/news/Credentials-Can-Be-Stolen-In-UI-State-Inference-Attack-456028.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:21:27