Assessing the Feasibility of the Virtual Smartphone Paradigm in Countering Zero-Click Attacks
| dc.contributor.author | Shafqat, Narmeen | |
| dc.contributor.author | Topcuoglu, Cem | |
| dc.contributor.author | Kirda, Engin | |
| dc.contributor.author | Ranganathan, Aanjhan | |
| dc.date.accessioned | 2023-12-26T18:53:59Z | |
| dc.date.available | 2023-12-26T18:53:59Z | |
| dc.date.issued | 2024-01-03 | |
| dc.identifier.doi | 10.24251/HICSS.2024.892 | |
| dc.identifier.isbn | 978-0-9981331-7-1 | |
| dc.identifier.other | bbcbf17c-64cd-4657-8655-761e53f62c46 | |
| dc.identifier.uri | https://hdl.handle.net/10125/107278 | |
| dc.language.iso | eng | |
| dc.relation.ispartof | Proceedings of the 57th Hawaii International Conference on System Sciences | |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | |
| dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.subject | Cybersecurity and Software Assurance | |
| dc.subject | mobile security | |
| dc.subject | pegasus spyware | |
| dc.subject | virtual smartphone. | |
| dc.subject | zero-click attacks | |
| dc.subject | zero-day | |
| dc.title | Assessing the Feasibility of the Virtual Smartphone Paradigm in Countering Zero-Click Attacks | |
| dc.type | Conference Paper | |
| dc.type.dcmi | Text | |
| dcterms.abstract | Zero-click attacks exploit unpatched vulnerabilities in chat apps, such as WhatsApp and iMessage, enabling root access to the user's device without their interaction, thereby posing a significant privacy risk. While Apple's Lockdown mode and Samsung's Message Guard implement virtual sandboxes, it is crucial to recognize that sophisticated zero-click exploits can potentially bypass the sandbox and compromise the device. This paper explores the feasibility of countering such attacks by shifting the attack surface to a virtual smartphone ecosystem, developed using readily available off-the-shelf components. Considering that zero-click attacks are inevitable, our cross-platform security system is strategically designed to substantially reduce the impact and duration of any potential successful attack. Our evaluation highlighted several trade-offs between security and usability. Moreover, we share insights to inspire further research on mitigating zero-click attacks on smartphones. | |
| dcterms.extent | 10 pages | |
| prism.startingpage | 7427 |
Files
Original bundle
1 - 1 of 1