{"id":1490,"date":"2015-02-11T12:09:57","date_gmt":"2015-02-11T10:09:57","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=1490"},"modified":"2015-02-11T12:09:57","modified_gmt":"2015-02-11T10:09:57","slug":"google-confirms-tapjacking-attack","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/02\/11\/google-confirms-tapjacking-attack\/","title":{"rendered":"Google Confirms Tapjacking Attack &#8211; Likely All Versions Are Affected!"},"content":{"rendered":"<p>Stephan Huber and I found a dangerous\u00a0tapjacking vulnerability in the Android Open Source Project (AOSP) which causes serious security issues. 
Tapjacking, which is similar to clickjacking for web applications, is an attack where the user clicks\/taps on seemingly benign objects in applications, triggering actions not intended by the victim[1]. This results in dangerous security issues. Unfortunately, we already\u00a0found malware samples in the wild that include our attack. To the best of our knowledge, the attack seems to apply to all currently available Android versions back to version 2.3. The attack, together with a patch, has already been submitted to the Android Security team, who confirmed our vulnerability and will add our patch to the next major release of the AOSP. More details on the attack will follow as soon as the\u00a0AOSP is patched. The contribution is nominated for Google&#8217;s Patch Award.<\/p>\n<p>[1] Marcus Niemietz and J\u00f6rg Schwenk, UI Redressing Attacks on Android Devices, BlackHat Asia 2014<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stephan Huber and I found a dangerous\u00a0tapjacking vulnerability in the Android Open Source Project (AOSP) which causes serious security issues. 
Tapjacking, which is similar to clickjacking for web applications, is an attack where the user clicks\/taps on seemingly benign objects &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/02\/11\/google-confirms-tapjacking-attack\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1490","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=1490"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1490\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=1490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=1490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=1490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}