| Summary: | 碩士 === 國立中央大學 === 資訊工程學系 === 102 === Clickjacking is a kind of cyber attacks, also known as UI redress attack. Clickjacking happens when the user clicks on the element, which is set to be transparent and put on top of the other visible element. When the user wants to click on the visible element, he actually clicks on the transparent element without his attention.
When clickjacking occurred on smartphones, there is a new term called “Tapjacking”. Tapjacking can be divided into two types, desktop-based UI redress attack and browserless UI redress attack. We focus on browserless tapjacking attack and construct a real world browserless tapjacking attack to prove that there are still some problems on the existing tapjacking solution provided by Android. Besides, this thesis also proposes a new solution “TCGM” against browserless tapjacking attack.
Our solution “TCGM” can stop browserless tapjacking attack automatically and effectively unlike existing Android solution, which needs to be enabled manually. Moreover, our solution can be integrated into existing Android framework with ease and only a few lines of code need to be inserted.
|
|---|
