Practical Exploit Generation for Intent Message Vulnerabilities in Android

Gallingani, Daniele; Gjomemo, Rigel; Venkatakrishnan, V.; Zanero, Stefano

doi:10.1145/2699026.2699132

Cited by 14 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DroidSafe (2015) performs information flow analysis to investigate the communication exploits. Gallingani et al (2015) investigated intents related vulnerabilities and demonstrated how they may be exploited to insert the malicious data. Their experiments found 29 out of a total of 64 investigated apps as vulnerable to intent related attacks.…”

Section: Inter-component Communication / Intents Analysismentioning

confidence: 99%

PIndroid: A novel Android malware detection system using ensemble learning methods

Idrees

Rajarajan

Conti

et al. 2017

Computers & Security

178

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version.Permanent repository link: http://openaccess.city.ac.uk/17316/ Link to published version: http://dx. AbstractThe extensive use of smartphones has been a major driving force behind a drastic increase of malware attacks. Covert techniques used by the malware make them hard to detect with signature based methods. In this paper, we present PIndroid-a novel Permissions and Intents based framework for identifying Android malware apps. To the best of our knowledge, PIndroid is the first solution that uses a combination of permissions and intents supplemented with Ensemble methods for accurate malware detection. The proposed approach, when applied to 1,745 real world applications, provides 99.8% accuracy (which is best reported to date). Empirical results suggest that the proposed framework is effective in detection of malware apps.

show abstract

Section: Inter-component Communication / Intents Analysismentioning

confidence: 99%

PIndroid: A novel Android malware detection system using ensemble learning methods

Idrees

Rajarajan

Conti

et al. 2017

Computers & Security

178

View full text Add to dashboard Cite

show abstract

“…Intent messages, when exchanged, can be used by malicious applications to escalate privileges. The inter-component communication mechanizing [20] of Android relies chiefly on Intent messages. Intents are generally used by Android to aid data delivery via asynchronous messages.…”

Section: Intent Messagementioning

confidence: 99%

Modeling Correlation between Android Permissions Based on Threat and Protection Level Using Exploratory Factor Plane Analysis

Ashawa

Morris

2021

JCP

View full text Add to dashboard Cite

The evolution of mobile technology has increased correspondingly with the number of attacks on mobile devices. Malware attack on mobile devices is one of the top security challenges the mobile community faces daily. While malware classification and detection tools are being developed to fight malware infection, hackers keep deploying different infection strategies, including permissions usage. Among mobile platforms, Android is the most targeted by malware because of its open OS and popularity. Permissions is one of the major security techniques used by Android and other mobile platforms to control device resources and enhance access control. In this study, we used the t-Distribution stochastic neighbor embedding (t-SNE) and Self-Organizing Map techniques to produce a visualization method using exploratory factor plane analysis to visualize permissions correlation in Android applications. Two categories of datasets were used for this study: the benign and malicious datasets. Dataset was obtained from Contagio, VirusShare, VirusTotal, and Androzoo repositories. A total of 12,267 malicious and 10,837 benign applications with different categories were used. We demonstrate that our method can identify the correlation between permissions and classify Android applications based on their protection and threat level. Our results show that every permission has a threat level. This signifies those permissions with the same protection level have the same threat level.

show abstract

“…Sadeghi et al [54] worked on inter-app security vulnerabilities using compositional analysis. A good discussion on detection and exploitation of Intent message vulnerabilities using taint analysis is presented in Reference [58]. Lei et al [12] worked on vulnerabilities owing to invocation of services through implicit Intents.…”

Section: Related Workmentioning

confidence: 99%

Vulvet

et al. 2020

View full text Add to dashboard Cite

Data security and privacy of Android users is one of the challenging security problems addressed by the security research community. A major source of the security vulnerabilities in Android apps is attributed to bugs within source code, insecure APIs, and unvalidated code before performing sensitive operations. Specifically, the major class of app vulnerabilities is related to the categories such as inter-component communication (ICC), networking, web, cryptographic APIs, storage, and runtime-permission validation. A major portion of current contributions focus on identifying a smaller subset of vulnerabilities. In addition, these methods do not discuss how to remove detected vulnerabilities from the affected code. In this work, we propose a novel vulnerability detection and patching framework, Vulvet, which employs static analysis approaches from different domains of program analysis for detection of a wide range of vulnerabilities in Android apps. We propose an additional lightweight technique, FP-Validation, to mitigate false positives in comparison to existing solutions owing to over-approximation. In addition to improved detection, Vulvet provides an automated patching of apps with safe code for each of the identified vulnerability using bytecode instrumentation. We implement Vulvet as an extension of Soot. To demonstrate the efficiency of our proposed framework, we analyzed 3,700 apps collected from various stores and benchmarks consisting of various weak implementations. Our results indicate that Vulvet is able to achieve vulnerability detection with 95.23% precision and 0.975 F-measure on benchmark apps; a significant improvement in comparison to recent works along with successful patching of identified vulnerabilities. CCS Concepts: • Security and privacy → Domain-specific security and privacy architectures;

show abstract

Practical Exploit Generation for Intent Message Vulnerabilities in Android

Cited by 14 publications

References 3 publications

PIndroid: A novel Android malware detection system using ensemble learning methods

PIndroid: A novel Android malware detection system using ensemble learning methods

Modeling Correlation between Android Permissions Based on Threat and Protection Level Using Exploratory Factor Plane Analysis

Vulvet

Contact Info

Product

Resources

About