File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: iPhish: Phishing vulnerabilities on consumer electronics

TitleiPhish: Phishing vulnerabilities on consumer electronics
Authors
Issue Date2008
Citation
Usability, Psychology, and Security, UPSEC 2008, 2008 How to Cite?
AbstractAs consumer electronic devices with embedded browsers become popular, financial institutions and online merchants set up websites to accommodate visitors using these devices. These devices range from cell phones to gaming consoles, cars, and even refrigerators. Porting a traditional desktop1 browser to a mobile device is more involved than resizing the display. To adapt to the hardware limitations inherent in mobile devices, mobile browsers often remove or replace certain features commonly found in traditional browsers. Unfortunately, some of these features are critical for depending against phishing attacks. We studied browsers on three mobile devices and discovered vulnerabilities in their input, chrome, and URL display. We conducted a user study to confirm our findings on the iPhone Safari browser, one of the most popular mobile browser platforms. For each potential vulnerability, we were able to construct a phishing scenario to successfully fool users into giving away the credentials for a role-played Bank of America account. To mitigate the vulnerabilities, we propose to designate and display URLs in a more phishing-resistant way, and to create an anti-phishing proxy that is independent of mobile devices or browsers.
Persistent Identifierhttp://hdl.handle.net/10722/346964

 

DC FieldValueLanguage
dc.contributor.authorNiu, Yuan-
dc.contributor.authorHsu, Francis-
dc.contributor.authorChen, Hao-
dc.date.accessioned2024-09-17T04:14:28Z-
dc.date.available2024-09-17T04:14:28Z-
dc.date.issued2008-
dc.identifier.citationUsability, Psychology, and Security, UPSEC 2008, 2008-
dc.identifier.urihttp://hdl.handle.net/10722/346964-
dc.description.abstractAs consumer electronic devices with embedded browsers become popular, financial institutions and online merchants set up websites to accommodate visitors using these devices. These devices range from cell phones to gaming consoles, cars, and even refrigerators. Porting a traditional desktop1 browser to a mobile device is more involved than resizing the display. To adapt to the hardware limitations inherent in mobile devices, mobile browsers often remove or replace certain features commonly found in traditional browsers. Unfortunately, some of these features are critical for depending against phishing attacks. We studied browsers on three mobile devices and discovered vulnerabilities in their input, chrome, and URL display. We conducted a user study to confirm our findings on the iPhone Safari browser, one of the most popular mobile browser platforms. For each potential vulnerability, we were able to construct a phishing scenario to successfully fool users into giving away the credentials for a role-played Bank of America account. To mitigate the vulnerabilities, we propose to designate and display URLs in a more phishing-resistant way, and to create an anti-phishing proxy that is independent of mobile devices or browsers.-
dc.languageeng-
dc.relation.ispartofUsability, Psychology, and Security, UPSEC 2008-
dc.titleiPhish: Phishing vulnerabilities on consumer electronics-
dc.typeConference_Paper-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.scopuseid_2-s2.0-85093935513-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats