Assessing the Feasibility of the Virtual Smartphone Paradigm in Countering Zero-Click Attacks
Files
Date
2024-01-03
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
7427
Ending Page
Alternative Title
Abstract
Zero-click attacks exploit unpatched vulnerabilities in chat apps, such as WhatsApp and iMessage, enabling root access to the user's device without their interaction, thereby posing a significant privacy risk. While Apple's Lockdown mode and Samsung's Message Guard implement virtual sandboxes, it is crucial to recognize that sophisticated zero-click exploits can potentially bypass the sandbox and compromise the device. This paper explores the feasibility of countering such attacks by shifting the attack surface to a virtual smartphone ecosystem, developed using readily available off-the-shelf components. Considering that zero-click attacks are inevitable, our cross-platform security system is strategically designed to substantially reduce the impact and duration of any potential successful attack. Our evaluation highlighted several trade-offs between security and usability. Moreover, we share insights to inspire further research on mitigating zero-click attacks on smartphones.
Description
Keywords
Cybersecurity and Software Assurance, mobile security, pegasus spyware, virtual smartphone., zero-click attacks, zero-day
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 57th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Collections
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.