Research Article

Authenticator Rebinding Attack of the UAF Protocol on Mobile Devices

Table 1

The difference between the two kinds of attacks.

|  | Type-A Rebinding Attack | Type-B Rebinding Attack |
| --- | --- | --- |
| Attack target | Some User Agents calling third-party UAF Clients | A specific User Agent with In-App Authenticator |
| Requiring the root permission | No | Yes |
| Requiring additional user interaction | Yes | No |
| Requiring reverse analysis | No | Yes |