Mobile Apps security- Overlay attacks in Android
Mobile apps are dominating every single aspect of our lives. The increasing complexity, adoption and new trends like “appification” and BYOD have also played a role in growing the market thus the revenues as well. Securing mobile apps is becoming harder as the magnitude and the complexity of development are increasing exponentially. A recent overlay attack on android devices- “LOKIBOT”- has earned $1.5 millions from compromised victims last year. In this talk, I will explain the work that we have done highlighting overlay attacks in terms of what and how. I will further present two methodologies to detect and handle such malicious windows. I will also cover several projects we did in an effort to secure hybrid mobile apps- a new trend in mobile apps development- by changing their configuration scheme to make it more granular and aligned. This talk will culminate with a sketch of interesting future directions in research related to securing mobile/web apps that integrates diverse computational approaches.
Abeer AlJarrah is a PhD candidate in the Software Information Systems department at the University of North Carolina-Charlotte. Her research interests span the broad area of systems security, with efforts addressing security challenges in mobile applications and web applications. In particular, her work in mobile applications security has led to several publications in venues like ARES, IEEE COMPSAC and ACM SIGSAC. She was also involved in a research project that addresses challenges in computer science education. In 2016 Abeer was awarded the GTA provost teaching award and in 2015 she was recognized in the international women's day at UNCC. Prior to joining PhD, Abeer earned her M.Sc. in Management Information Systems, and B.Sc. in Computer Science with honors from Yarmouk University and Jordan University of Science and Technology respectively. Abeer is also a member of the IEEE and ACM.