Abstract. Today's smartphones can be armed with many types of external devices, such as medical devices and credit card readers, that enrich their functionality and enable them to be used in application domains such as healthcare and retail. This new development comes with new security and privacy challenges. Existing phone-based operating systems, Android in particular, are not ready for protecting authorized use of these external devices: indeed, any app on an Android phone that acquires permission to utilize communication channels like Bluetooth and Near Field Communications is automatically given the access to devices communicating with the phone on these channels. In this paper, we present the first study on this new security issue, which we call external Device Mis-Bonding or DMB, under the context of Bluetooth-enabled Android devices. Our research shows that this problem is both realistic and serious: oftentimes an unauthorized app can download sensitive user data from an Android device and also help the adversary to deploy a spoofed device that injects fake data into the original device's official app on the phone. Specifically, we performed an in-depth analysis on four popular health/medical devices that collect sensitive user information and successfully built end-to-end attacks that stealthily gathered sensitive user data and fed arbitrary information into the user's health/medical account, using nothing but Bluetooth permissions and public information disclosed by the phone. Our further study of 68 relevant device-using apps from Google Play confirms that the vast majority of the devices on the market are vulnerable to this new threat. To defend against it, we developed the first OS-level protection, called Dabinder. Our approach automatically generates secure bonding policies between a device and its official app, and enforces them when an app attempts to establish Bluetooth connections with a device and unpair the phone from the device (for resetting the Bluetooth link key). Our evaluation shows that this new technique effectively thwarts the DMB attacks and incurs only a negligible impact on the phone's normal operations.
A sensitive rolling-circle amplification (RCA)-based method utilizing species-specific padlock probes targeted to the internal transcribed spacer 2 region of the fungal ribosomal DNA gene complex was developed. The assay was rapid (2 hours) and specific. Of 28 fungal isolates (16 of Candida, six of Aspergillus, and six of Scedosporium spp.), all were identified correctly. Fungal pathogens cause life-threatening infections in critically ill and immunosuppressed patients. Contemporary epidemiological trends reveal a shift toward species of Candida and Aspergillus other than Candida albicans and Aspergillus fumigatus and a range of emerging fungi including Scedosporium spp. and the zygomycetes (6, 19). Given the reduced susceptibility of many of these pathogens to antifungal agents, timely identification to species level is essential for clinical management. However, standard culture-based identification methods are insensitive and slow (15). To overcome both problems, PCR-based tools have been developed. In particular, the internal transcribed spacer (ITS) regions, ITS1 and ITS2, of the fungal ribosomal DNA gene complex have shown promise as targets for species identification in a variety of formats including multiplex and/or real-time PCR assays (9, 16), DNA sequence analysis (1, 2, 12), and probe-based techniques (5, 7). The latter range from Southern blotting (5, 7) and reverse line blot (RLB) hybridization methods (23) to sophisticated microarray formats (10, 11, 17). Recently, the utility of circularizable oligonucleotide (padlock) probes has been demonstrated for the detection of target nucleic acid sequences, including nucleotide polymorphisms that differ by only a few base pairs, with high sensitivity (4, 13, 20). Such probes comprise two sequences complementary to the 5′ and 3′ termini of the target sequence joined by a linker region (Fig. 1A). Upon hybridization to the target, the probe ends are joined by DNA ligase to form a closed molecule. The intensity of the probe-specific signal is then increased exponentially by rolling-circle amplification (RCA) (13) (Fig. 1B). There are few data on the application of padlock probes in the detection of polymorphisms in fungi. We report on a sensitive, RCA-based method using real-time PCR for species identification of clinically important Candida, Aspergillus, and Scedosporium spp. Twenty-eight clinical isolates were studied: two of C. albicans, two of Candida glabrata, three of Candida krusei, three of Candida tropicalis, three of Candida dubliniensis, three of Candida guilliermondii, four of A. fumigatus, two of Aspergillus flavus, and three strains each of Scedosporium apiospermum and Scedosporium prolificans. Species identity was confirmed by standard laboratory methods (3, 21) and ITS sequence analysis (23). Isolates were stored in sterile water at 25°C until required. DNA extraction and amplification of the ITS (ITS1, 5.8S rRNA, and ITS2) region, using the primers ITS1 and ITS4 (22), in preparation for hybridization with padlock probes (see below) were performed a...
Abstract. The rapid progress of human genome studies leads to a strong demand for aggregate human DNA data (e.g., allele frequencies, test statistics, etc.), whose public dissemination, however, has been impeded by privacy concerns. Prior research shows that it is possible to identify the presence of some participants in a study from such data, and in some cases, even fully recover their DNA sequences. A critical issue, therefore, becomes how to evaluate such a risk on individual data-sets and determine when they are safe to release. In this paper, we report our research that makes the first attempt to address this issue. We first identified the space of the aggregate-data-release problem, through examining common types of aggregate data and the typical threats they are facing. Then, we performed an in-depth study on different scenarios of attacks on different types of data, which sheds light on several fundamental questions in this problem domain. Particularly, we found that attacks on aggregate data are difficult in general, as the adversary often does not have enough information and needs to solve NP-complete or NP-hard problems. On the other hand, we acknowledge that the attacks can succeed under some circumstances, particularly, when the solution space of the problem is small. Based upon such an understanding, we propose a risk-scale system and a methodology to determine when to release an aggregate data-set and when not to. We also used real human-genome data to verify our findings.
With the rapid increase in Android device popularity, the capabilities that the diverse user base demands from Android have significantly exceeded its original design. As a result, people have to seek ways to obtain the permissions not directly offered to ordinary users. A typical way to do that is using the Android Debug Bridge (ADB), a developer tool that has been granted permissions to use critical system resources. Apps adopting this solution have combined tens of millions of downloads on Google Play. However, we found that such ADB-level capabilities are not well guarded by Android. A prominent example we investigated is the apps that perform programmatic screenshots, a much-needed capability Android fails to support. We found that all such apps in the market inadvertently expose this ADB capability to any party with the INTERNET permission on the same device. With this exposure, a malicious app can be built to stealthily and intelligently collect sensitive user data through screenshots. To understand the threat, we built Screenmilker, an app that can detect the right moment to monitor the screen and pick up a user's password when she is typing in real time. We show that this can be done efficiently by leveraging the unique design of smartphone user interfaces and its public resources. Such an understanding also informs Android developers how to protect this screenshot capability, should they consider providing an interface to let third-party developers use it in the future, and more generally the security risks of the ADB workaround, a standard technique gaining popularity in app development. Based on the understanding, we present a mitigation mechanism that controls the exposure of the ADB capabilities only to authorized apps.
Abstract. Android phone manufacturers are under the perpetual pressure to move quickly on their new models, continuously customizing Android to fit their hardware. However, the security implications of this practice are less known, particularly when it comes to the changes made to Android's Linux device drivers, e.g., those for camera, GPS, NFC etc. In this paper, we report the first study aimed at a better understanding of the security risks in this customization process. Our study is based on ADDICTED, a new tool we built for automatically detecting some types of flaws in customized driver protection. Specifically, on a customized phone, ADDICTED performs dynamic analysis to correlate the operations on a security-sensitive device to its related Linux files, and then determines whether those files are under-protected on the Linux layer by comparing them with their counterparts on an official Android OS. In this way, we can detect a set of likely security flaws on the phone. Using the tool, we analyzed three popular phones from Samsung, identified their likely flaws and built end-to-end attacks that allow an unprivileged app to take pictures and screenshots, and even log the keys the user enters through touchscreen. Some of those flaws are found to exist on over a hundred phone models and affect millions of users. We reported the flaws and helped the manufacturers fix those problems. We further studied the security settings of device files on 2423 factory images from major phone manufacturers, discovered over 1,000 vulnerable images and also gained insights about how they are distributed across different Android versions, carriers and countries.
Stealing of sensitive information from apps is always considered to be one of the most critical threats to Android security. Recent studies show that this can happen even to the apps without explicit implementation flaws, through exploiting some design weaknesses of the operating system, e.g., shared communication channels such as Bluetooth, and side channels such as memory and network-data usages. In all these attacks, a malicious app needs to run side-by-side with the target app (the victim) to collect its runtime information. Examples include recording phone conversations from the phone app, gathering WebMD's data usages to infer the disease condition the user looks at, etc. This runtime-information-gathering (RIG) threat is realistic and serious, as demonstrated by prior research and our new findings, which reveal that the malware monitoring popular Android-based home security systems can figure out when the house is empty and the user is not looking at surveillance cameras, and even turn off the alarm delivered to her phone. To defend against this new category of attacks, we propose a novel technique that changes neither the operating system nor the target apps, and provides immediate protection as soon as an ordinary app (with only normal and dangerous permissions) is installed. This new approach, called App Guardian, thwarts a malicious app's runtime monitoring attempt by pausing all suspicious background processes when the target app (called principal) is running in the foreground, and resuming them after the app stops and its runtime environment is cleaned up. Our technique leverages a unique feature of Android, on which third-party apps running in the background are often considered to be disposable and can be stopped anytime with only a minor performance and utility implication. We further limit such an impact by only focusing on a small set of suspicious background apps, which are identified by their behaviors inferred from their side channels (e.g., thread names, CPU scheduling and kernel time). App Guardian is also carefully designed to choose the right moments to start and end the protection procedure, and effectively protect itself against malicious apps. Our experimental studies show that this new technique defeated all known RIG attacks, with small impacts on the utility of legitimate apps and the performance of the OS. Most importantly, the idea underlying our approach, including app-level protection, side-channel based defense and lightweight response, not only significantly raises the bar for the RIG attacks and the research on this subject but can also inspire the follow-up effort on new detection systems practically deployable in the fragmented Android ecosystem.