Mobile cloud security: An adversary model for lightweight browser security

Abstract

Lightweight browsers on mobile devices are increasingly been used to access cloud services and upload / view data stored on the cloud, due to their faster resource loading capabilities. These browsers use client side efficiency measures such as larger cache storage and fewer plugins. However, the impact on data security of such measures is an understudied area. In this paper, we propose an adversary model to examine the security of lightweight browsers. Using the adversary model, we reveal previously unpublished vulnerabilities in four popular light browsers, namely: UC Browser, Dolphin, CM Browser, and Samsung Stock Browser, which allows an attacker to obtain unauthorized access to the user’s private data. The latter include browser history, email content, and bank account details. For example, we also demonstrate that it is possible to replace the images of the cache in one of the browsers, which can be used to facilitate phishing and other fraudulent activities. By identifying the design flaw in these browsers (i.e. improper file storage), we hope that future browser designers can avoid similar errors.