Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Naveed, Muhammad; Zhou, Xiaoyong; Demetriou, Soteris; Gunter, Carl A.

doi:10.14722/ndss.2014.23097

Cited by 45 publications

(81 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We found that under the strategy for selecting suspicious processes, only 1.68% of the popular apps with perceptible impacts on user experience needed to be closed when they were running in the background and all of them could be swiftly restored without losing their runtime states. Our study further shows that the new technique defeated all known RIG attacks, including audio recording, Bluetooth misbonding [6], a series of side-channel attacks on high-profile apps [1], [4], [5], [20], the recently proposed user-interface inference [2] and voice eavesdropping [7], together with the new IoT attacks we discovered, at a performance cost as low as 5% of CPU time and 40 MB memory.…”

Section: Introductionmentioning

confidence: 56%

“…More recently, research has found that Android Bluetooth accessories are also vulnerable to such runtime data stealing [6]. The official app of a Bluetooth medical device, such as blood-glucose meter and pulse oximeter, can be monitored by a malicious app with the Bluetooth permission.…”

Section: A Background and Prior Findingsmentioning

confidence: 99%

“…For example, prior research shows that apps with the RECORD_AUDIO permission are capable of selectively extracting confidential data (e.g., credit card number) and stealthily delivering it to the adversary [3]. Also, the official app of an external medical device, such as a blood glucose meter, can be monitored for collecting patient data from the device through the Bluetooth channel, before the official app is able to establish its connection with the device [6]. Particularly concerning here is that even the app not asking for any permission can still obtain highly-sensitive user information from a variety of side channels, demonstrating the fundamental weakness of mobile devices in separating an app's operations from its data.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android

Zhang

Yuan

Naveed

et al. 2015

2015 IEEE Symposium on Security and Privacy

Self Cite

View full text Add to dashboard Cite

Stealing of sensitive information from apps is always considered to be one of the most critical threats to Android security. Recent studies show that this can happen even to the apps without explicit implementation flaws, through exploiting some design weaknesses of the operating system, e.g., shared communication channels such as Bluetooth, and side channels such as memory and network-data usages. In all these attacks, a malicious app needs to run side-by-side with the target app (the victim) to collect its runtime information. Examples include recording phone conversations from the phone app, gathering WebMD's data usages to infer the disease condition the user looks at, etc. This runtime-information-gathering (RIG) threat is realistic and serious, as demonstrated by prior research and our new findings, which reveal that the malware monitoring popular Android-based home security systems can figure out when the house is empty and the user is not looking at surveillance cameras, and even turn off the alarm delivered to her phone.To defend against this new category of attacks, we propose a novel technique that changes neither the operating system nor the target apps, and provides immediate protection as soon as an ordinary app (with only normal and dangerous permissions) is installed. This new approach, called App Guardian, thwarts a malicious app's runtime monitoring attempt by pausing all suspicious background processes when the target app (called principal) is running in the foreground, and resuming them after the app stops and its runtime environment is cleaned up. Our technique leverages a unique feature of Android, on which thirdparty apps running in the background are often considered to be disposable and can be stopped anytime with only a minor performance and utility implication. We further limit such an impact by only focusing on a small set of suspicious background apps, which are identified by their behaviors inferred from their side channels (e.g., thread names, CPU scheduling and kernel time). App Guardian is also carefully designed to choose the right moments to start and end the protection procedure, and effectively protect itself against malicious apps. Our experimental studies show that this new technique defeated all known RIG attacks, with small impacts on the utility of legitimate apps and the performance of the OS. Most importantly, the idea underlying our approach, including app-level protection, side-channel based defense and lightweight response, not only significantly raises the bar for the RIG attacks and the research on this subject but can also inspire the follow-up effort on new detection systems practically deployable in the fragmented Android ecosystem.

show abstract

Section: Introductionmentioning

confidence: 56%

Section: A Background and Prior Findingsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android

Zhang

Yuan

Naveed

et al. 2015

2015 IEEE Symposium on Security and Privacy

Self Cite

View full text Add to dashboard Cite

show abstract

“…[3]. Also, a Bluetooth operated medical device's genuine app can give away a vital information [6]. A big concern here is that even zero permission can still gain highly profound data from a variety of side channels, signifying the important weakness of mobile devices in extrication an app's operations from its data.…”

Section: Introductionmentioning

confidence: 99%

AntiRIG Security System in Android

Jadhav¹,

Khachane²

2017

IJARCSSE

View full text Add to dashboard Cite

Larceny of profound data from apps is at all times measured to be one of the most perilous threats to Android sanctuary. Latest studies show that this can happen even to the apps without obvious implementation weaknesses, through abusing some design flaws of the mobile operating system, e.g., pooled communication channels such as Bluetooth, and side channels such as memory and network data usages. In all these bouts, a malevolent app needs to run abreast with the target (the prey) app (such as messaging, dialer, IoT interface, Bluetooth control service, Internet browser, etc.) to gather its runtime information. Case in point comprise recording cell phone talks from the phone app, gathering medical history data to conclude the ailment condition the user, etc. This runtime information gathering (RIG) menace is convincing and severe, as validated by earlier study and new discoveries, these malicious apps can read entire message threads, can control Bluetooth data transmission, can read, alter and even spoof contact in the device (which can lead to a Social Engineering attack through which device user can fall prey to the name displayed but with attackers contact no. beneath, and can misinterpret or overlook it as a trusted source), can steal passwords and other credentials no matter if they are encrypted or plain format, can control IoT enabled devices which are connected by means of shared communication channel to handset, can disclose user location, can collect phone call recordings and decipher pin from voice sample, etc. To arrange for shield against this new sort of bouts, here is a research of a competent & pioneering system which does not require any modification of existing systems such as on operating system level as well as on applications level. This security system will be capable of securing any app from any category. This new line of security, called AntiRIG Security System, spoils a malevolent app's runtime monitoring challenge by suspending (stopping & putting on hold) all suspicious background processes when the target app (called the prey) is running in the forefront, and restoring the state of all suspicious background processes from the state where they had paused after the prey app ends execution completely and its runtime environment is sanitised. In Android operating system applications are divided in frontground and background instances where any app can be stopped and resume as per need of operating system. AntiRIG Security System takes advantage of this treatment given to applications in android. AntiRIG Security System will also be carefully designed to select the true instants to start and end the shield process, and effectively safeguard itself against malevolent apps. The experimental studies show that this new AntiRIG Security System independent of OS version works well with small influences on the efficacy of legitimate apps and the performance of the OS. Most essentially, the inkling underlying this approach, includes providing protection at the level of application, defen...

show abstract

“…As the value of incentives increase, users could be more tempted to cheat when reporting their per-formance [20], which would endanger the viability of the system for the service provider and its affiliates, as well as its attractiveness to the users. For example, location cheating can be achieved by making mobile devices report erroneous location information to the activity-tracking app [21], [22], or by spoofing the GPS/Wi-Fi signals used for geo-location users [23]- [25]. Moreover, some tools enable users to manipulate activity data to lie about their performance [26]- [28].…”

Section: Introductionmentioning

confidence: 99%

SecureRun: Cheat-Proof and Private Summaries for Location-Based Activities

Pham

Huguenin

Bilogrevic

et al. 2016

IEEE Trans. on Mobile Comput.

View full text Add to dashboard Cite

Abstract-Activity-tracking applications, where people record and upload information about their location-based activities (e.g., the routes of their activities), are increasingly popular. Such applications enable users to share information and compete with their friends on activity-based social networks but also, in some cases, to obtain discounts on their health insurance premiums by proving they conduct regular fitness activities. However, they raise privacy and security issues: the service providers know the exact locations of their users; the users can report fake location information, for example, to unduly brag about their performance. In this paper, we present SecureRun, a secure privacy-preserving system for reporting location-based activity summaries (e.g., the total distance covered and the elevation gain). SecureRun is based on a combination of cryptographic techniques and geometric algorithms, and it relies on existing Wi-Fi access-point networks deployed in urban areas. We evaluate SecureRun by using real data-sets from the FON hotspot community networks and from the Garmin Connect activity-based social network, and we show that it can achieve tight (up to a median accuracy of more than 80%) verifiable lower-bounds of the distance covered and of the elevation gain, while protecting the location privacy of the users with respect to both the social network operator and the access point network operator(s). The results of our online survey, targeted at RunKeeper users recruited through the Amazon Mechanical Turk platform, highlight the lack of awareness and significant concerns of the participants about the privacy and security issues of activity-tracking applications. They also show a good level of satisfaction regarding SecureRun and its performance.

show abstract

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Cited by 45 publications

References 18 publications

Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android

Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android

AntiRIG Security System in Android

SecureRun: Cheat-Proof and Private Summaries for Location-Based Activities

Contact Info

Product

Resources

About