A View To A Kill: WebView Exploitation

Authors

Matthias Neugschwandtner, Martina Lindorfer, Christian Platzer

Venue

Proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), August 2013

Abstract

WebView is a technique to mingle web and native applications for mobile devices. The fact that its main incentive requires making data stored on, as well as the functionality of mobile devices, directly accessible to active web content, is not without consequences to security. In this paper, we present a threat scenario that targets WebView apps and show its practical applicability in a case study of selected apps. We further show results of our examination of over 287,000 apps in regard to WebView-related vulnerabilities.

BibTeX

@inproceedings{Neugschwandtner2013A_View,
  title     = {{A View To A Kill: WebView Exploitation}},
  author    = {Neugschwandtner, Matthias and Lindorfer, Martina and Platzer, Christian},
  booktitle = {Proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats},
  series    = {LEET},
  month     = {August},
  year      = {2013},
  address   = {Washington, D.C.}
}