ABSTRACT
Sophisticated malware targeting the Android mobile operating system increasingly utilizes local root exploits. These allow for the escalation of privileges and subsequent automatic, unnoticed, and permanent infection of a target device. Poor vendor patch policy leaves customer devices vulnerable for many months. All current local root exploits are exclusively implemented as native code and can be dynamically downloaded and run by any app. Hence, the lack of control mechanisms for the execution of native code poses a major threat to the security of Android devices. In this paper, we present different approaches to prevent local root exploits by means of gradually controlling native code execution. The proposed alterations to the Android operating system protect against all current local root exploits, while limiting the user experience as little as possible. Thus, the approaches we present help to avert automatic privilege escalation and to reduce exploitability and malware infection of Android devices.
- Android Open Source Project. Android Security Overview. http://source.android.com/tech/security/ (18.02.2013).Google Scholar
- M. Balanza, K. Alintanahin, O. Abendan, J. Dizon, and B. Caraig. DroidDreamLight lurks behind legitimate Android apps. In 6th International Conference on Malicious and Unwanted Software (MALWARE), pages 73 --78, oct. 2011. Google ScholarDigital Library
- S. Bugiel, L. Davi, A. Dmitrienko, S. Heuser, A.-R. Sadeghi, and B. Shastry. Practical and lightweight domain isolation on android. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM '11, pages 51--62, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
- W. Enck, M. Ongtang, and P. McDaniel. Understanding Android Security. Security & Privacy, IEEE, 7(1):50--57, jan.-feb. 2009. Google ScholarDigital Library
- J. C. Foster and M. Price. Sockets, Shellcode, Porting & Coding. Syngress Publishing, 2005.Google Scholar
- X. Jiang. GingerMaster: First Android Malware Utilizing a Root Exploit on Android 2.(Gingerbread), August 18, 2011. http://www.csc.ncsu.edu/faculty/jiang/GingerMaster/ (18.02.2013).Google Scholar
- X. Jiang. New Sophisticated Android Malware DroidKungFu Found in Alternative Chinese App Markets, June 23, 2011. http://www.csc.ncsu.edu/faculty/jiang/DroidKungFu\\.html (18.02.2013).Google Scholar
- X. Jiang. New GappII Trojan Found in Alternative Android Markets, April 27, 2012. http://www.csc.ncsu.edu/faculty/jiang/GappII/ (18.02.2013).Google Scholar
- X. Jiang. New RootSmart Android Malware Utilizes the GingerBreak Root Exploit, February 3, 2012. http://www.csc.ncsu.edu/faculty/jiang/RootSmart/ (18.02.2013).Google Scholar
- SELinux Project. SEAndroid. http://selinuxproject.org/page/SEAndroid (18.02.2013).Google Scholar
- M. Spreitzenbarth and F. Freiling. Android Malware on the Rise. Technical report, University of Erlangen, Dept. of Computer Science, April 2012. Tech. Rep. CS-2012-04.Google Scholar
- A. Stavrou, J. Voas, T. Karygiannis, and S. Quirolgico. Building security into off-the-shelf smartphones. Computer, 45(2):82 --84, Feb. 2012. Google ScholarDigital Library
- G. L. Tona. TOMOYO Linux on Android, May 2009. http://sourceforge.jp/projects/tomoyo/docs/Part2\_\\CELF\_Android.pdf (18.02.2013).Google Scholar
- T. Vidas, D. Votipka, and N. Christin. All your droid are belong to us: a survey of current android attacks. In Proceedings of the 5th USENIX conference on Offensive technologies, WOOT'11, pages 81--90, Berkeley, CA, USA, 2011. USENIX Association. Google ScholarDigital Library
- Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In IEEE Symposium on Security and Privacy 2012, pages 95 -- 109, May 2012. Google ScholarDigital Library
- Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the 19th Network and Distributed System Security Symposium, February 2012.Google Scholar
Index Terms
- Native code execution control for attack mitigation on android
Recommendations
Protecting data on android platform against privilege escalation attack
Innovative Security Technologies against Insider Threats and Data LeakageThe users of smartphones are rapidly expanding worldwide. These devices have user's security-sensitive data and are ready to communicate with the outside world. Various kinds of malware are attacking smartphones, especially Android phones, but the ...
Automated detection and mitigation of inter-application security vulnerabilities in Android (invited talk)
DeMobile 2014: Proceedings of the 2nd International Workshop on Software Development Lifecycle for MobileAndroid is the most popular platform for mobile devices. It facilitates sharing data and services between applications by providing a rich inter-application communication system. While such sharing can be controlled by the Android permission system, ...
From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an App
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications SecurityThe Android OS not only dominates 78.6% of the worldwide smartphone market in 2014, but importantly has been widely used for mission critical tasks (e.g., medical devices, auto/aircraft navigators, embedded in satellite project). The core of Android, ...
Comments