Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop

While both the SYSTEM_ALERT_WINDOW and the BIND_ACCESSIBILITY_SERVICE Android permissions have been abused individually (e.g., in UI redressing attacks, accessibility attacks), previous attacks based on these permissions failed to completely control the UI feedback loop and thus either rely on vanishing side-channels to time the appearance of overlay UI, cannot respond properly to user input, or make the attacks literally visible. In this work, we demonstrate how combining the capabilities of these permissions leads to complete control of the UI feedback loop and creates devastating and stealthy attacks. by Chenxiong Qian, Simon Pak Ho Chung, Wenke Lee, & Yanick Fratantonio Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefi...

Join Today
Game of Chromes: Owning the Web with Zombie Chrome Extensions
▶︎

Game of Chromes: Owning the Web with Zombie Chrome Extensions

Betraying the BIOS: Where the Guardians of the BIOS are Failing
▶︎

Betraying the BIOS: Where the Guardians of the BIOS are Failing

Trump Attends NBA Finals, Cries Election Fraud in California & Storms Out of Interview
▶︎

Trump Attends NBA Finals, Cries Election Fraud in California & Storms Out of Interview

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
▶︎

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

Ichthyology: Phishing as a Science
▶︎

Ichthyology: Phishing as a Science

3G/4G Intranet Scanning and its Application on the WormHole Vulnerability
▶︎

3G/4G Intranet Scanning and its Application on the WormHole Vulnerability

Breaking Encrypted Databases: Generic Attacks on Range Queries
▶︎

Breaking Encrypted Databases: Generic Attacks on Range Queries

Best of Deep House [2026] | Melodic House & Progressive Flow
▶︎

Best of Deep House [2026] | Melodic House & Progressive Flow

Cybersecurity Architecture: Who Are You? Identity and Access Management
▶︎

Cybersecurity Architecture: Who Are You? Identity and Access Management

Defcon 21 - The Secret Life of SIM Cards
▶︎

Defcon 21 - The Secret Life of SIM Cards

Exploiting Network Printers
▶︎

Exploiting Network Printers

How Rockstar fit an entire city into PlayStation 2 memory
▶︎

How Rockstar fit an entire city into PlayStation 2 memory

Knicks Fans Brand Elmo a Traitor & Trump Storms Out of "Meet the Press" Interview | The Daily Show
▶︎

Knicks Fans Brand Elmo a Traitor & Trump Storms Out of "Meet the Press" Interview | The Daily Show

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed
▶︎

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed

Something is jamming GPS over Europe. Here's what we found
▶︎

Something is jamming GPS over Europe. Here's what we found

Tracking Ransomware End to End
▶︎

Tracking Ransomware End to End

Datacenter Orchestration Security and Insecurity: Assessing Kubernetes, Mesos, and Docker at Scale
▶︎

Datacenter Orchestration Security and Insecurity: Assessing Kubernetes, Mesos, and Docker at Scale

ARMageddon: How Your Smartphone CPU Breaks Software-Level Security and Privacy
▶︎

ARMageddon: How Your Smartphone CPU Breaks Software-Level Security and Privacy

Ibiza Summer Mix 2026 🍓 Best Of Tropical Deep House Music Chill Out Mix 2025 🍓 Chillout Lounge
▶︎

Ibiza Summer Mix 2026 🍓 Best Of Tropical Deep House Music Chill Out Mix 2025 🍓 Chillout Lounge