Ankit Gangwal - "Modern Problems in Modern Mobile OSes"

This talk focuses on two of the most frequently used technologies on modern mobile devices: Bluetooth and password managers. The first part of the talk explains how an attacker can exploit BLE advertisements to exfiltrate information from BLE-enabled devices. In particular, our BLEWhisperer (ESORICS '22) attack establishes a communication medium between two devices without requiring any prior authentication or pairing. The talk will present a proof-of-concept attack framework for the Android ecosystem. The second part of the talk presents a novel attack, called AutoSpill (CODASPY '23), on Android password managers that leaks users' saved credentials during an autofill operation. AutoSpill conveniently dodges Android's secure autofill process and allows the attacker to get user credentials for free, i.e., the attacker does not even need to write the code to steal/phish credentials. The majority of popular Android password managers we considered in our experiments were found to be vulnerable to AutoSpill. Finally, the talk concludes with various practical countermeasures for both of our attacks.


