Understanding security risks in mobile-to-PC screen mirroring: an empirical study

Understanding security risks in mobile-to-PC screen mirroring: an empirical study

연구 분야: Strategies

학회: Cybersecurity

To facilitate collaboration across multiple devices and benefit from larger screens and better user experiences, many users choose to mirror their screen content of smartphones to personal computers. The implementation of the Android screen mirroring feature varies across different manufacturers, resulting in significant security differences among screen mirroring apps. Moreover, actual incidents of screen content leakage have exacerbated users’ concerns about the security of the Android screen mirroring feature. In this work, we systematically analyzed the system architecture of the Android screen mirroring feature and the security risks it faces. Specifically, we identified four critical security risks in the communication process between the mobile and PC sides of screen mirroring apps, including arbitrary access to screen content, MITM (Man-in-the-Middle) attacks, malicious commands injection, and data sniffing attacks. Attackers can exploit these identified security risks to arbitrarily access screen content or manipulate user’s phone to perform malicious operations. To evaluate the security risks of the Android mirroring feature in real-world deployments, we conducted a security evaluation on over 20 popular screen mirroring apps from multiple sources. The results indicate that all of these apps are facing at least one of the aforementioned security risks. Finally, we provide the corresponding recommendations to mitigate the identified security risks.