Abstract
The number of Android malware has been increasing dramatically in recent years. Android malware can violate users’ security, privacy and damage their economic situation. Study of new malware will allow us to better understand the threat and design effective anti-malware strategies. In this paper, we introduce a new type of malware exploiting Android’s accessibility framework and describe a condition which allows malicious payloads to usurp control of the screen, steal user credentials and compromise user privacy and security. We implement a proof of concept malware to demonstrate such vulnerabilities and present experimental findings on the success rates of this attack. We show that 100 % of application launches can be detected using this malware, and 100 % of the time a malicious Activity can gain control of the screen. Our major contribution is two-fold. First, we are the first to discover the category of new Android malware manipulating Android’s accessibility framework. Second, our study finds new types of attacks and complements the categorization of Android malware by Zhou and Jiang [21]. This prompts the community to re-think categorization of malware for categorizing existing attacks as well as predicting new attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Link is no longer valid.
References
Accessibility. http://developer.android.com/guide/topics/ui/accessibility/index.html (2013)
Accessibility services. http://developer.android.com/guide/topics/ui/accessibility/services.html (2013)
Alcatelclub. http://www.alcatelclub.com/ (2013)
Android open source project. http://source.android.com/ (2013)
Application fundamentals. http://developer.android.com/guide/components/fundamentals.html (2013)
eoemarket. http://www.eoemarket.com/ (2013)
Gfan. http://www.gfan.com/ (2013)
Juniper networks third annual mobile threats report. http://www.juniper.net/us/en/local/pdf/additional-resources/3rd-jnpr-mobile-threats-report-exec-summary.pdf (2013)
Making applications accessible. http://developer.android.com/guide/topics/ui/accessibility/apps.html (2013)
Mmoovv. http://android.mmoovv.com/web/index.html (2013)
Becher, M., Freiling, F.C., Hoffmann, J., Holz, T., Uellenbeck, S., Wolf, C.: Mobile security catching up? revealing the nuts and bolts of the security of mobile devices. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, pp. 96–111 (2011)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R., Shastry, B.: Towards taming privilege-escalation attacks on android. In: Proceedings of the 19th Network and Distributed System Security Symposium (NDSS) (2012)
Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Conference on Security (2011)
Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (2011)
Hunt, R., Hansman, S.: A taxonomy of network and computer attack methodologies. Comput. Netw. 24(1) (2005). (Elsevier)
Peng, S., Yu, S., Yang, A.: Smartphone malware and its propagation modeling: a survey. IEEE Commun. Surv. Tutor. PP(99), 1–17 (2013)
Polla, M.L., Martinelli, F., Sgandurra, D.: A survey on security for mobile devices. IEEE Commun. Surv. Tutor. 15(1), 446–471 (2013)
Rastogi, V., Chen, Y., Jiang, X.: Droidchameleon: evaluating android anti-malware against transformation attacks. Short Paper, Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS) (2013)
Schmidt, A.-D., Schmidt, H.-G., Batyuk, L., Clausen, J.H., Camtepe, S.A., Albayrak, S., Yildizli, C.: Smartphone malware evolution revisited: android next target? In: Proceedings of the 4th IEEE International Conference on Malicious and Unwanted Software (Malware 2009), pp. 1–7. IEEE (2009)
Zheng, M., Lee, P.P.C., Lui, J.C.S.: ADAM: an automatic and extensible platform to stress test android anti-virus systems. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 82–101. Springer, Heidelberg (2013)
Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: Proceedings of IEEE Symposium on Security and Privacy (SP) (2012)
Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In: Proceedings of the 19th Network and Distributed System Security Symposium (NDSS) (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Kraunelis, J., Chen, Y., Ling, Z., Fu, X., Zhao, W. (2014). On Malware Leveraging the Android Accessibility Framework. In: Stojmenovic, I., Cheng, Z., Guo, S. (eds) Mobile and Ubiquitous Systems: Computing, Networking, and Services. MobiQuitous 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 131. Springer, Cham. https://doi.org/10.1007/978-3-319-11569-6_40
Download citation
DOI: https://doi.org/10.1007/978-3-319-11569-6_40
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11568-9
Online ISBN: 978-3-319-11569-6
eBook Packages: Computer ScienceComputer Science (R0)