Abstract
Despite relentless efforts to develop anti-phishing techniques, phishing attacks continue to proliferate, often incorporating evasion techniques to bypass detection. While recent studies have steadily improved our understanding of these evasion techniques in desktop environments, few studies have explored how phishing attacks are handled in mobile environments, specifically in WebView. In this study, we systematically evaluate the blocking processes of anti-phishing entities in individual real-world apps by designing a phishing attack tailored to WebView. Specifically, we select eight well-known apps that use WebView, and report 80 typical phishing sites (without evasion techniques) and 130 user-agent-specific phishing sites (accessible exclusively via each app's WebView). For scalable analysis, we develop an autonomous evaluation framework and investigate the accessibility of these sites from both the apps and the Safe Browsing entities. As a result, we find that user-agent-specific (UA-specific) phishing sites successfully evade blocking across all eight Android apps. We also investigate the access strategies of the anti-phishing crawlers of both the apps and the Safe Browsing entities, and find that only two apps' crawlers can access UA-specific phishing sites without taking any subsequent action such as blocking the link. Based on our experimental results, we present security recommendations for taking proactive phishing precautions using link preview bots. To the best of our knowledge, this is the first study that explores how WebView environments handle phishing attacks and discloses their limitations in the real world.
| Original language | English |
|---|---|
| Title of host publication | WWW 2024 - Proceedings of the ACM Web Conference |
| Publisher | Association for Computing Machinery, Inc |
| Pages | 1923-1932 |
| Number of pages | 10 |
| ISBN (Electronic) | 9798400701719 |
| DOIs | |
| Publication status | Published - 2024 May 13 |
| Event | 33rd ACM Web Conference, WWW 2024 - Singapore, Singapore; Duration: 2024 May 13 → 2024 May 17 |
Publication series
| Name | WWW 2024 - Proceedings of the ACM Web Conference |
|---|---|
Conference
| Conference | 33rd ACM Web Conference, WWW 2024 |
|---|---|
| Country/Territory | Singapore |
| City | Singapore |
| Period | 24/5/13 → 24/5/17 |
Bibliographical note
Publisher Copyright: © 2024 Owner/Author.
Keywords
- evasion technique
- phishing
- webview security
ASJC Scopus subject areas
- Computer Networks and Communications
- Software