Article type: Research Article
Authors: Diao, Wenrui [a],* | Liu, Rui [b] | Liu, Xiangyu [c] | Zhou, Zhe [d] | Li, Zhou [e] | Zhang, Kehuan [f]
Affiliations: [a] Jinan University, Guangzhou, China | [b] The University of Chicago, Chicago, IL, USA | [c] Alibaba Inc., Hangzhou, China | [d] Fudan University, Shanghai, China | [e] ACM Member, Boston, MA, USA | [f] The Chinese University of Hong Kong, Hong Kong
Correspondence: [*] Corresponding author. E-mail: diaowenrui@link.cuhk.edu.hk.
Note: [1] A preliminary version of this paper appears in the Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS 2015) [15].
Note: [2] The project website is https://sites.google.com/site/imedemo.
Abstract: The Input Method Editor (IME) is an indispensable component of current smartphones. With its assistance, the number of key presses is reduced, and non-Latin characters can be entered. Furthermore, modern IMEs integrate several personalized features, such as reordering suggestion lists and predicting the next words based on the user's input history. Such optimization improves the user experience but turns the IME dictionary into a pool of private user data. Previous works have discussed the privacy risks coming from malicious IMEs. Indeed, they could cause security and privacy issues if installed by common users, but their impact is limited as the majority of IMEs are well-behaved. However, whether legitimate IMEs are bullet-proof has not been answered before. In this paper, we make the first attempt to study the security implications of IME personalization and the back-end infrastructure on Android devices. In the end, we identify a critical vulnerability in the Android KeyEvent processing framework, which can be exploited to launch a cross-app KeyEvent injection (CAKI) attack and bypass the app-isolation mechanism. By abusing this design flaw, an adversary can harvest entries from the personalized user dictionary of an IME through an ostensibly innocuous app asking only for common permissions. Our evaluation over a broad spectrum of Android OSes, devices, and IMEs suggests that this issue should be fixed immediately. All Android versions we examined (from the very old 2.3.4 to the latest 6.0.1) and most IME apps we surveyed (11 out of 18) are vulnerable. Users' private information, such as contact names, location, etc., can be easily exfiltrated. Up to hundreds of millions of mobile users are under this threat. To mitigate this security issue, we propose a practical defense mechanism that augments the existing KeyEvent processing framework without forcing any change to IME apps.
Keywords: Android, smart IME, privacy leakage, system flaw
DOI: 10.3233/JCS-16909
Journal: Journal of Computer Security, vol. 26, no. 3, pp. 283-309, 2018