International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 18 July 2015

Luka Malisa, Kari Kostiainen, Srdjan Capkun
ePrint Report ePrint Report
Mobile application spoofing is an attack where a malicious mobile application

mimics the visual appearance of another one. If such an attack is successful,

the integrity of what the user sees as well as the confidentiality of what she

inputs into the system can be violated by the adversary. A common example of

mobile application spoofing is a phishing attack where the adversary tricks the

user into revealing her password to a malicious application that resembles the

legitimate one.

In this work, we propose a novel approach for addressing mobile application

spoofing attacks by leveraging the visual similarity of application screens. We

use deception rate as a novel metric for measuring how many users would confuse

a spoofing application for the genuine one. We conducted a large-scale online

study where participants evaluated spoofing samples of popular mobile

applications. We used the study results to design and implement a prototype

spoofing detection system, tailored to the estimation of deception rate for

mobile application login screens.

Expand

Additional news items may be found on the IACR news page.