The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations

Zhou, Xiaoyong; Lee, Yeonjoon; Zhang, Nan; Naveed, Muhammad

doi:10.1109/sp.2014.33

Cited by 84 publications

(51 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One feasible solution is to prepare a customized Android version with modified audio drivers. One recent research [54] has pointed out the security risks in Android device driver customizations. Android inherits the driver management methods of Linux and devices are placed under /dev (or /sys) as files.…”

Section: Discussionmentioning

confidence: 99%

Your Voice Assistant is Mine

Diao

Liu

Zhou

et al. 2014

Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones &Amp; Mobile Devices

110

View full text Add to dashboard Cite

Previous research about sensor based attacks on Android platform focused mainly on accessing or controlling over sensitive components, such as camera, microphone and GPS. These approaches obtain data from sensors directly and need corresponding sensor invoking permissions.This paper presents a novel approach (GVS-Attack) to launch permission bypassing attacks from a zero-permission Android application (VoicEmployer) through the phone speaker. The idea of GVS-Attack is to utilize an Android system built-in voice assistant module -Google Voice Search. With Android Intent mechanism, VoicEmployer can bring Google Voice Search to foreground, and then plays prepared audio files (like "call number 1234 5678") in the background. Google Voice Search can recognize this voice command and perform corresponding operations. With ingenious design, our GVS-Attack can forge SMS/Email, access privacy information, transmit sensitive data and achieve remote control without any permission. Moreover, we found a vulnerability of status checking in Google Search app, which can be utilized by GVS-Attack to dial arbitrary numbers even when the phone is securely locked with password.

show abstract

Section: Discussionmentioning

confidence: 99%

Your Voice Assistant is Mine

Diao

Liu

Zhou

et al. 2014

Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones &Amp; Mobile Devices

110

View full text Add to dashboard Cite

show abstract

“…The vendor customizations have been proven to be problematic in prior studies. ADDICTED [37] finds under-protected Linux drivers on customized ROMs by comparing them with their counterparts on AOSP images. Harehunter [7] reveals the Hanging Attributes References vulnerability caused by the underregulated Android customization.…”

Section: Related Workmentioning

confidence: 99%

AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection

Aafer

Huang

Sun

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-The Android framework has raised increased security concerns with regards to its access control enforcement. Particularly, existing research efforts successfully demonstrate that framework security checks are not always consistent across appaccessible APIs. However, existing efforts fall short in addressing peculiarities that characterize the complex Android access control and the diversity introduced by the heavy vendor customization. In this paper, we develop a new analysis framework AceDroid that models Android access control in a path-sensitive manner and normalizes diverse checks to a canonical form. We applied our proposed modeling to perform inconsistency analysis for 12 images. Our tool proved to be quite effective, enabling to detect a significant number of inconsistencies introduced by various vendors and to suppress substantial false alarms. Through investigating the results, we uncovered high impact attacks enabling to write a key logger, send premium sms messages, bypass user restrictions, perform a major denial of services and other critical operations.

show abstract

“…This problem arises when a variety of customized Android versions are used in different vendors' devices. This problem makes it difficult to provide a universal patch to enforce new security enhancement at the system level on all Android devices, due to misaligned incentives from different parties including Google, hardware vendors, and cell phone carriers [18,30,31]. Sensor Guardian does not need to modify the system to deploy the security enforcement, thus not affected by the Android fragmentation problem.…”

Section: Strengths Of Sensor Guardianmentioning

confidence: 99%

Sensor Guardian: prevent privacy inference on Android sensors

Bai

Yin

Wang

2017

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user's keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications' access to sensors. Sensor Guardian inserts hooks into applications by statically instrumenting their APK (short for Android Package Kit) files and enforces control policies in these hooks at runtime. Our evaluation shows that Sensor Guardian can effectively and efficiently mitigate the privacy inference threat on Android sensors, with negligible overhead during both static instrumentation and runtime control.

show abstract

The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations

Cited by 84 publications

References 13 publications

Your Voice Assistant is Mine

Your Voice Assistant is Mine

AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection

Sensor Guardian: prevent privacy inference on Android sensors

Contact Info

Product

Resources

About