Generating smartphone phishing applications for deception based defense
thesisposted on 27.10.2017 by Kruti Sharma
In order to distinguish essays and pre-prints from academic theses, we have a separate category. These are often much longer text based documents than a paper.
Graphical User Interface (GUI)-based APplications (GAPs) are ubiquitous, both in personal and business use and they are deployed on diverse software and hardware platforms. Android has been increasingly adopted as operating system for smartphones and is gaining popularity. With this increase, the smartphones are now built with capabilities to assist Users With Disabilities (UWDs). There are close to 50Mil people in USA and nearly 600Mil people worldwide who have some form of disability ranging from vision impairment to hearing etc. UWDs need specialized assistance with GAPs. Accessibility Services (AS) are embedded in smartphones to assist UWDs with GUI interaction but these mobile assistive technologies are fundamentally insecure thus exposing smartphones to a variety of attacks. SEAPHISH (SEcuring Accessibility using PHISHing) platform aims to analyze security issues and threats posed by AS which can effectively simulate the human user of the smartphone. The platform uses existing mobile apps which are already installed on the users smartphones to extract GUI properties via AS to generate a similar looking app i.e. a phishing app. These phished apps can help in predicting and mitigating security threats posed by malicious applications using deception as a base for defense.