Lei Wu,Michael C. Grace,Yajin Zhou,Chiachih Wu,Xuxian Jiang

DOI: https://doi.org/10.1145/2508859.2516728

2013-01-01

Abstract:ABSTRACTThe smartphone market has grown explosively in recent years, as more and more consumers are attracted to the sensor-studded multipurpose devices. Android is particularly ascendant; as an open platform, smartphone manufacturers are free to extend and modify it, allowing them to differentiate themselves from their competitors. However, vendor customizations will inherently impact overall Android security and such impact is still largely unknown. In this paper, we analyze ten representative stock Android images from five popular smartphone vendors (with two models from each vendor). Our goal is to assess the extent of security issues that may be introduced from vendor customizations and further determine how the situation is evolving over time. In particular, we take a three-stage process: First, given a smartphone's stock image, we perform provenance analysis to classify each app in the image into three categories: apps originating from the AOSP, apps customized or written by the vendor, and third-party apps that are simply bundled into the stock image. Such provenance analysis allows for proper attribution of detected security issues in the examined Android images. Second, we analyze permission usages of pre-loaded apps to identify overprivileged ones that unnecessarily request more Android permissions than they actually use. Finally, in vulnerability analysis, we detect buggy pre-loaded apps that can be exploited to mount permission re-delegation attacks or leak private information. Our evaluation results are worrisome: vendor customizations are significant on stock Android devices and on the whole responsible for the bulk of the security problems we detected in each device. Specifically, our results show that on average 85.78% of all pre-loaded apps in examined stock images are overprivileged with a majority of them directly from vendor customizations. In addition, 64.71% to 85.00% of vulnerabilities we detected in examined images from every vendor (except for Sony) arose from vendor customizations. In general, this pattern held over time -- newer smartphones, we found, are not necessarily more secure than older ones.

Qinsheng Hou,Wenrui Diao,Yanhao Wang,Chenglin Mao,Lingyun Ying,Song Liu,Xiaofeng Liu,Yuanzhi Li,Shanqing Guo,Meining Nie,Haixin Duan

DOI: https://doi.org/10.1109/tse.2023.3275655

IF: 7.4

2023-01-01

IEEE Transactions on Software Engineering

Abstract:Android is the most popular smartphone platform with over 85% market share. Its success is built on openness, and phone vendors can utilize the Android source code to make customized products with unique software/hardware features. On the other hand, the fragmentation and customization of Android also bring many security risks that have attracted the attention of researchers. Many efforts were put in to investigate the security of customized Android firmware. However, most of the previous works focus on designing efficient analysis tools or analyzing particular aspects of the firmware. There still lacks a panoramic view of Android firmware ecosystem security and the corresponding understandings based on large-scale firmware datasets. In this work, we made a large-scale comprehensive measurement of the Android firmware ecosystem security. Our study is based on 8,325 firmware images from 153 vendors and 813 Android-related CVEs, which is the largest Android firmware dataset ever used for security measurements. In particular, our study followed a series of research questions, covering vulnerabilities, patches, security updates, and pre-installed apps. To automate the analysis process, we designed a framework, AndScanner+ , to complete firmware crawling, firmware parsing, patch analysis, and app analysis. Through massive data analysis and case explorations, several interesting findings are obtained. For example, the patch delay and missing issues are widespread in Android firmware images, say 31.4% and 5.6% of all images, respectively. The latest images of several phones still contain vulnerable pre-installed apps, and even the corresponding vulnerabilities have been publicly disclosed. In addition to data measurements, we also explore the causes behind these security threats through case studies and demonstrate that the discovered security threats can be converted into exploitable vulnerabilities. There are 46 new vulnerabilities found by AndScanner+ , 36 of which have been assigned CVE/CNVD IDs. This study provides much new knowledge of the Android firmware ecosystem with a deep understanding of software engineering security practices.

Yajin Zhou,Xuxian Jiang

2013-01-01

Abstract:In this paper, we systematically study two vulnerabilities and their presence in existing Android applications (or “apps”). These two vulnerabilities are rooted in an unprotected Android component, i.e., content provider, inside vulnerable apps. Because of the lack of necessary access control enforcement, affected apps can be exploited to either passively disclose various types of private in-app data or inadvertently manipulate certain security-sensitive in-app settings or configurations that may subsequently cause serious system-wide side effects (e.g., blocking all incoming phone calls or SMS messages). To assess the prevalence of these two vulnerabilities, we analyze 62, 519 apps collected in February 2012 from various Android markets. Our results show that among these apps, 1, 279 (2.0%) and 871 (1.4%) of them are susceptible to these two vulnerabilities, respectively. In addition, we find that 435 (0.7%) and 398 (0.6%) of them are accessible from official Google Play and some of them are extremely popular with more than 10, 000, 000 installs. The presence of a large number of vulnerable apps in popular Android markets as well as the variety of private data for leaks and manipulation reflect the severity of these two vulnerabilities. To address them, we also explore and examine possible mitigation solutions.

Michael C. Grace,Yajin Zhou,Zhi Wang,Xuxian Jiang

2012-01-01

Abstract:Recent years have witnessed a meteoric increase in the adoption of smartphones. To manage information and features on such phones, Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run. In this paper, we analyze eight popular Android smartphones and discover that the stock phone images do not properly enforce the permission model. Several privileged permissions are unsafely exposed to other applications which do not need to request them for the actual use. To identify these leaked permissions or capabilities, we have developed a tool called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting them, an untrusted application can manage to wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission.

Chiachih Wu,Yajin Zhou,Kunal Patel,Zhenkai Liang,Xuxian Jiang

DOI: https://doi.org/10.14722/ndss.2014.23164

2014-01-01

Abstract:Recent years have experienced explosive growth of smartphone sales. Inevitably, the rise in the popularity of smartphones also makes them an attractive target for attacks. In light of these threats, current mobile platform providers have developed various server-side vetting processes to block malicious applications (“apps”). While helpful, they are still far from ideal in achieving their goals. To make matters worse, the presence of alternative (less-regulated) mobile marketplaces also opens up new attack vectors, which necessitate client-side solutions (e.g., mobile anti-virus software) to run on mobile devices. However, existing client-side solutions still exhibit limitations in their capability or deployability. In this paper, we present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and boost our defense capability against mobile malware infection. Assuming a trusted smartphone OS kernel and the fact that untrusted apps will be eventually installed onto users’ phones, AirBag is designed to isolate and prevent them from infecting our normal systems (e.g., corrupting the phone firmware) or stealthily leaking private information. More specifically, by dynamically creating an isolated runtime environment with its own dedicated namespace and virtualized system resources, AirBag not only allows for transparent execution of untrusted apps, but also effectively mediates their access to various system resources or phone functionalities (e.g., SMSs or phone calls). We have implemented a proof-of-concept prototype on three representative mobile devices, i.e., Google Nexus One, Nexus 7, and Samsung Galaxy S III. The evaluation results with a number of untrusted apps, including real-world mobile malware, demonstrate its practicality and effectiveness.

Mike Grace,Yajin Zhou,Zhi Wang,Xuxian Jiang

2011-01-01

Abstract:Recent years have witnessed increased popularity and adoption of smartphones partially due to the functionalities and convenience offered to their users (e.g., the ability to run third-party applications). To manage the amount of access given to smartphone applications, Android provides a permission-based security model, which requires each application to explicitly request permissions before it can be installed to run. In this paper, we systematically analyze eight flagship Android smartphones from leading manufacturers, including HTC, Motorola, and Samsung and found out that the stock phone images do not properly enforce the permission model. Several privileged permissions that protect the access to sensitive user data and dangerous features on the phones are unsafely exposed to other applications which do not need to request them for the actual use, a security violation termed capability leak in this paper. To facilitate identifying these capability leaks, we take a static analysis approach and have accordingly developed a system called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting these leaked capabilities, an untrusted application can manage to wipe out the user data, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations on the affected phones – all without the need of asking for any permission.

Yajin Zhou,Xuxian Jiang

DOI: https://doi.org/10.1109/sp.2012.16

2012-01-01

Abstract:The popularity and adoption of smart phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples. In this paper, we focus on the Android platform and aim to systematize or characterize existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads. The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2% in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.

Thomas Sutter

DOI: https://doi.org/10.48550/arXiv.2112.08520

2021-12-13

Abstract:The Android Open Source Project (AOSP) is probably the most used and customized operating system for smartphones and IoT devices worldwide. Its market share and high adaptability makes Android an interesting operating system for many developers. Nowadays, we use Android firmware in smartphones, TVs, smartwatches, cars, and other devices by various vendors and manufacturers. The sheer amount of customized Android firmware and devices makes it hard for security analysts to detect potentially harmful applications. Another fact is that many vendors include apps from 3rd party developers. Such bloatware usually has more privileges than standard apps and cannot be removed by the user without rooting the device. In recent years several cases were reported where 3rd party developers could include malicious apps into the Android built chain. Media reports claim that pre-installed malware like Chamois and Triade we able to infect several million devices. Such cases demonstrate the need for better strategies for analyzing Android firmware. In our study, we analyze the Android firmware eco-system in various ways. We collected a dataset with several thousand Android firmware archives and show that several terabytes of firmware data are waiting on the web to be analyzed. We develop a web service called FirmwareDroid for analyzing Android firmware archives and pre-installed apps and create a dataset of firmware samples. Focusing on Android apps, we automated the process of extracting and scanning pre-installed apps with state of the art open-source tools. We demonstrate on real data that pre-installed apps are, in fact, a a threat to Android's users, and we can detect several hundred malware samples using scanners like VirusTotal, AndroGuard, and APKiD. With state of the art tools, we could scan more than 900000 apps during our research and give unique insights into Android custom ROMs.

Cryptography and Security

Sadegh Farhang,Mehmet Bahadir Kirdan,Aron Laszka,Jens Grossklags

DOI: https://doi.org/10.48550/arXiv.1905.09352

2019-05-22

Cryptography and Security

Abstract:In this paper, we perform a comprehensive study of 2,470 patched Android vulnerabilities that we collect from different data sources such as Android security bulletins, CVEDetails, Qualcomm Code Aurora, AOSP Git repository, and Linux Patchwork. In our data analysis, we focus on determining the affected layers, OS versions, severity levels, and common weakness enumerations (CWE) associated with the patched vulnerabilities. Further, we assess the timeline of each vulnerability, including discovery and patch dates. We find that (i) even though the number of patched vulnerabilities changes considerably from month to month, the relative number of patched vulnerabilities for each severity level remains stable over time, (ii) there is a significant delay in patching vulnerabilities that originate from the Linux community or concern Qualcomm components, even though Linux and Qualcomm provide and release their own patches earlier, (iii) different AOSP versions receive security updates for different periods of time, (iv) for 94% of patched Android vulnerabilities, the date of disclosure in public datasets is not before the patch release date, (v) there exist some inconsistencies among public vulnerability data sources, e.g., some CVE IDs are listed in Android Security bulletins with detailed information, but in CVEDetails they are listed as unknown, (vi) many patched vulnerabilities for newer Android versions likely also affect older versions that do not receive security patches due to end-of-life.

Daniel Klischies,Philipp Mackensen,Veelasha Moonsamy

DOI: https://doi.org/10.14722/ndss.2025.241161

2024-12-09

Abstract:Vulnerabilities in Android smartphone chipsets have severe consequences, as recent real-world attacks have demonstrated that adversaries can leverage vulnerabilities to execute arbitrary code or exfiltrate confidential information. Despite the far-reaching impact of such attacks, the lifecycle of chipset vulnerabilities has yet to be investigated, with existing papers primarily investigating vulnerabilities in the Android operating system. This paper provides a comprehensive and empirical study of the current state of smartphone chipset vulnerability management within the Android ecosystem. For the first time, we create a unified knowledge base of 3,676 chipset vulnerabilities affecting 437 chipset models from all four major chipset manufacturers, combined with 6,866 smartphone models. Our analysis revealed that the same vulnerabilities are often included in multiple generations of chipsets, providing novel empirical evidence that vulnerabilities are inherited through multiple chipset generations. Furthermore, we demonstrate that the commonly accepted 90-day responsible vulnerability disclosure period is seldom adhered to. We find that a single vulnerability often affects hundreds to thousands of different smartphone models, for which update availability is, as we show, often unclear or heavily delayed. Leveraging the new insights gained from our empirical analysis, we recommend several changes that chipset manufacturers can implement to improve the security posture of their products. At the same time, our knowledge base enables academic researchers to conduct more representative evaluations of smartphone chipsets, accurately assess the impact of vulnerabilities they discover, and identify avenues for future research.

Cryptography and Security

Xuewen Zhang,Yuanyuan Zhang,Juanru Li,Yikun Hu,Huayi Li,Dawu Gu

DOI: https://doi.org/10.1109/icsme.2017.15

2017-01-01

Abstract:The rapid-iteration, web-style update cycle of Android helps fix revealed security vulnerabilities for its latest version. However, such security enhancements are usually only available for few Android devices released by certain manufacturers (e.g., Google's official Nexus devices). More manufactures choose to stop providing system update service for their obsolete models, remaining millions of vulnerable Android devices in use. In this situation, a feasible solution is to leverage existing source code patches to fix outdated vulnerable devices. To implement this, we introduce EMBROIDERY, a binary rewriting based vulnerability patching system for obsolete Android devices without requiring the manufacturer's source code against Android fragmentation. EMBROIDERY patches the known critical framework and kernel vulnerabilities in Android using both static and dynamic binary rewriting techniques. It transplants official patches (CVE source code patches) of known vulnerabilities to different devices by adopting heuristic matching strategies to deal with the code diversity introduced by Android fragmentation, and fulfills a complex dynamic memory modification to implement kernel vulnerabilities patching. We employ EMBROIDERY to patch sophisticated Android kernel and framework vulnerabilities for various manufactures' obsolete devices ranging from Android 4.2 to 5.1. The result shows the patched devices are able to defend against known exploits and the normal functions are not affected.

Mario Linares-Vasquez,Gabriele Bavota,Camilo Escobar-Velasquez

DOI: https://doi.org/10.48550/arXiv.1704.03356

2017-04-11

Abstract:Mobile devices are used more and more in everyday life. They are our cameras, wallets, and keys. Basically, they embed most of our private information in our pocket. For this and other reasons, mobile devices, and in particular the software that runs on them, are considered first-class citizens in the software-vulnerabilities landscape. Several studies investigated the software-vulnerabilities phenomenon in the context of mobile apps and, more in general, mobile devices. Most of these studies focused on vulnerabilities that could affect mobile apps, while just few investigated vulnerabilities affecting the underlying platform on which mobile apps run: the Operating System (OS). Also, these studies have been run on a very limited set of vulnerabilities. In this paper we present the largest study at date investigating Android-related vulnerabilities, with a specific focus on the ones affecting the Android OS. In particular, we (i) define a detailed taxonomy of the types of Android-related vulnerability; (ii) investigate the layers and subsystems from the Android OS affected by vulnerabilities; and (iii) study the survivability of vulnerabilities (i.e., the number of days between the vulnerability introduction and its fixing). Our findings could help OS and apps developers in focusing their verification & validation activities, and researchers in building vulnerability detection tools tailored for the mobile world.

Software Engineering,Cryptography and Security

Sumaya Almanee,Arda Unal,Mathias Payer,Joshua Garcia

DOI: https://doi.org/10.48550/arXiv.1911.09716

2021-03-03

Abstract:Android apps include third-party native libraries to increase performance and to reuse functionality. Native code is directly executed from apps through the Java Native Interface or the Android Native Development Kit. Android developers add precompiled native libraries to their projects, enabling their use. Unfortunately, developers often struggle or simply neglect to update these libraries in a timely manner. This results in the continuous use of outdated native libraries with unpatched security vulnerabilities years after patches became available. To further understand such phenomena, we study the security updates in native libraries in the most popular 200 free apps on Google Play from Sept. 2013 to May 2020. A core difficulty we face in this study is the identification of libraries and their versions. Developers often rename or modify libraries, making their identification challenging. We create an approach called LibRARIAN (LibRAry veRsion IdentificAtioN) that accurately identifies native libraries and their versions as found in Android apps based on our novel similarity metric bin2sim. LibRARIAN leverages different features extracted from libraries based on their metadata and identifying strings in read-only sections. We discovered 53/200 popular apps (26.5%) with vulnerable versions with known CVEs between Sept. 2013 and May 2020, with 14 of those apps remaining vulnerable. We find that app developers took, on average, 528.71 days to apply security patches, while library developers release a security patch after 54.59 days - a 10 times slower rate of update.

Cryptography and Security,Software Engineering

Binbin Zhao,Shouling Ji,Jiacheng Xu,Yuan Tian,Qiuyang Wei,Qinying Wang,Chenyang Lyu,Xuhong Zhang,Changting Lin,Jingzheng Wu,Raheem Beyah

DOI: https://doi.org/10.1145/3533767.3534366

2022-01-01

Abstract:As the core of IoT devices, firmware is undoubtedly vital. Currently, the development of IoT firmware heavily depends on third-party components (TPCs), which significantly improves the development efficiency and reduces the cost. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will turn back influence the security of IoT firmware. Currently, existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement FirmSec, which leverages syntactical features and control-flow graph features to detect the TPCs at version-level in firmware, and then recognizes the corresponding vulnerabilities. Based on FirmSec, we present the first large-scale analysis of the usage of TPCs and the corresponding vulnerabilities in firmware. More specifically, we perform an analysis on 34,136 firmware images, including 11,086 publicly accessible firmware images, and 23,050 private firmware images from TSmart. We successfully detect 584 TPCs and identify 128,757 vulnerabilities caused by 429 CVEs. Our in-depth analysis reveals the diversity of security issues for different kinds of firmware from various vendors, and discovers some well-known vulnerabilities are still deeply rooted in many firmware images. We also find that the TPCs used in firmware have fallen behind by five years on average. Besides, we explore the geographical distribution of vulnerable devices, and confirm the security situation of devices in several regions, e.g., South Korea and China, is more severe than in other regions. Further analysis shows 2,478 commercial firmware images have potentially violated GPL/AGPL licensing terms.

Shaoyong Du,Pengxiong Zhu,Jingyu Hua,Zhiyun Qian,Zhao Zhang,Xiaoyu Chen,Sheng Zhong

DOI: https://doi.org/10.1109/tdsc.2018.2889486

2021-01-01

Abstract:Android shared storage is shared with all the applications (apps for short) and the user. It is common to see that a large amount of apps store different kinds of files on it. It is well known that apps granted the read or write permissions can freely access any files in the shared storage. As a consequence, the shared storage has been demonstrated to expose sensitive information and jeopardize users' privacy. In this paper, we systematically study a simple but overlooked threat related to the shared storage-the lack of input validation (e.g., integrity verifications) when consuming files on the shared storage. We argue that the untrusted input from the shared storage is a much ubiquitous problem. By undertaking an empirically study through a static analysis tool we develop, we find over 30 percent of the 13,746 analyzed popular apps on the market suffer from such problem. By investigating the types of files consumed, we find shockingly a large fraction of apps store and consume sensitive files, which allows us to construct end-to-end attacks. Considering the ubiquity of this class of vulnerabilities, we finally define better access control policies for external storage to eliminate them for most apps.

Binbin Zhao,Shouling Ji,Jiacheng Xu,Yuan Tian,Qiuyang Wei,Qinying Wang,Chenyang Lyu,Xuhong Zhang,Changting Lin,Jingzheng Wu,Raheem Beyah

DOI: https://doi.org/10.1109/tdsc.2023.3279846

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement FirmSec, which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on FirmSec, we present the first large-scale analysis of the security risks raised by TPCs on 34,136 firmware images. We successfully detect 584 TPCs and identify 128,757 vulnerabilities caused by 429 CVEs. Our in-depth analysis reveals the diversity of security risks in firmware and discovers some well-known vulnerabilities are still rooted in firmware. Besides, we explore the geographical distribution of vulnerable devices and confirm that the security situation of devices in different regions varies. Our analysis also indicates that vulnerabilities caused by TPCs in firmware keep growing with the boom of the IoT ecosystem. Further analysis shows 2,478 commercial firmware images have potentially violated GPL/AGPL licensing terms.

Mounir Elgharabawy,Blas Kojusner,Mohammad Mannan,Kevin R. B. Butler,Byron Williams,Amr Youssef

DOI: https://doi.org/10.48550/arXiv.2204.01516

2022-04-04

Cryptography and Security

Abstract:The Android operating system is currently the most popular mobile operating system in the world. Android is based on Linux and therefore inherits its features including its Inter-Process Communication (IPC) mechanisms. These mechanisms are used by processes to communicate with one another and are extensively used in Android. While Android-specific IPC mechanisms have been studied extensively, Unix domain sockets have not been examined comprehensively, despite playing a crucial role in the IPC of highly privileged system daemons. In this paper, we propose SAUSAGE, an efficient novel static analysis framework to study the security properties of these sockets. SAUSAGE considers access control policies implemented in the Android security model, as well as authentication checks implemented by the daemon binaries. It is a fully static analysis framework, specifically designed to analyze Unix domain socket usage in Android system daemons, at scale. We use this framework to analyze 200 Android images across eight popular smartphone vendors spanning Android versions 7-9. As a result, we uncover multiple access control misconfigurations and insecure authentication checks. Our notable findings include a permission bypass in highly privileged Qualcomm system daemons and an unprotected socket that allows an untrusted app to set the scheduling priority of other processes running on the system, despite the implementation of mandatory SELinux policies. Ultimately, the results of our analysis are worrisome; all vendors except the Android Open Source Project (AOSP) have access control issues, allowing an untrusted app to communicate to highly privileged daemons through Unix domain sockets introduced by hardware manufacturer or vendor customization.

Yue-heng Zhang,Jun-liang Shu,Juan-ru Li,Qing Wang,Da-wu Gu

DOI: https://doi.org/10.12783/dtcse/wcne2016/5089

2017-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:Android apps rely on secure communication protocol to prove the confidentiality of sensitive data transmission. However, inexperienced developers tend to adopt insecure communication and introduce security risks. To study how prevalent the insecure communication protocols are used by real world Android apps, we conducted an in-depth analysis to examine popular apps from Google Play and MyApp Android app market. We collect 435 apps from major categories, such as gaming, shopping and social networks, and we monitored the communication of those apps and classified their used protocols into three categories: secure, insecure, and proprietary. Then we investigated those proprietary ones to find potential insecure implementation. We designed and implemented RawDroid, a protocol audit system combining network monitoring and program analysis technique to systematically inspect the security of proprietary protocol. We found that a large number of developers frequently use non-standard proprietary protocols. Among all analyzed apps, our security audit revealed that 36.7% apps adopted a proprietary protocol, and all those proprietary protocols fail to achieve confidentiality: some of them send sensitive data in the form of plaintext to servers; some misuse cryptographic algorithms and lead to the exposure of transferred privacy even if the content is encrypted. We believe this kind of protocols pose great security threats to Android ecosystem.

Muqing Liu,Yuanyuan Zhang,Juanru Li,Junliang Shu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-319-59608-2_40

2017-01-01

Abstract:Despite the increased concerning about embedded system security, the security assessment of commodity embedded devices is far from being adequate. The lack of assessment is mainly due to the tedious, time-consuming, and the very ad hoc reverse engineering procedure of the embedded device firmware. To simplify this procedure, we argue that only a particular part of the entire embedded device’s firmware, as we called vendor customized code, should be thoroughly analyzed. Vendor customized code is usually developed to deal with external inputs and is especially sensitive to attacks compared to other parts of the system. Moreover, vendor customized code is often highly specific and proprietary, which lacks security implementation guidelines. Therefore, the security demands of analyzing this kind of code is urgent.

Keke Lian,Lei Zhang,Guangliang Yang,Shuo Mao,Xinjie Wang,Yuan Zhang,Min Yang

DOI: https://doi.org/10.1145/3643730

2024-01-01

Abstract:Nowadays, mobile apps have greatly facilitated our daily work and lives. They are often designed to work closely and interact with each other through app components for data and functionality sharing. The security of app components has been extensively studied and various component attacks have been proposed. Meanwhile, Android system vendors and app developers have introduced a series of defense measures to mitigate these security threats. However, we have discovered that as apps evolve and develop, existing app component defenses have become inadequate to address the emerging security requirements. This latency in adaptation has given rise to the feasibility of cross-layer exploitation, where attackers can indirectly manipulate app internal functionalities by polluting their dependent data. To assess the security risks of cross-layer exploitation in real-world apps, we design and implement a novel vulnerability analysis approach, called CLDroid, which addresses two non-trivial challenges. Our experiments revealed that 1,215 (8.8%) popular apps are potentially vulnerable to cross-layer exploitation, with a total of more than 18 billion installs. We verified that through cross-layer exploitation, an unprivileged app could achieve various severe security consequences, such as arbitrary code execution, click hijacking, content spoofing, and persistent DoS. We ethically reported verified vulnerabilities to the developers, who acknowledged and rewarded us with bug bounties. As a result, 56 CVE IDs have been assigned, with 22 of them rated as ‘critical’ or ‘high’ severity.