Results 1 - 10 of 78
Dissecting android malware: Characterization and evolution
- In IEEE Symposium on Security and Privacy, 2012
Cited by 212 (8 self)
The popularity and adoption of smartphones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples. In this paper, we focus on the Android platform and aim to systematize or characterize existing Android malware. Particularly, with more than one year's effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads. The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2% in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.
Keywords: Android malware; smartphone security
Riskranker: scalable and accurate zero-day Android malware detection
- In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (MobiSys '12), 2012
Cited by 72 (7 self)
Smartphone sales have recently experienced explosive growth. Their popularity also encourages malware authors to penetrate various mobile marketplaces with malicious applications (or apps). These malicious apps hide in the sheer number of other normal apps, which makes their detection challenging. Existing mobile anti-virus software is inadequate in its reactive nature by relying on known malware samples for signature extraction. In this paper, we propose a proactive scheme to spot zero-day Android malware. Without relying on malware samples and their signatures, our scheme is motivated to assess potential security risks posed by these untrusted apps. Specifically, we have developed an automated system called RiskRanker to scalably analyze whether a particular app exhibits dangerous behavior (e.g., launching a root exploit or sending background SMS messages). The output is then used to produce a prioritized list of reduced apps that merit further investigation. When applied to examine 118,318 total apps collected from various Android markets over September and October 2011, our system takes less than four days to process all of them and effectively reports 3,281 risky apps. Among these reported apps, we successfully uncovered 718 malware samples (in 29 families) and 322 of them are zero-day (in 11 families). These results demonstrate the efficacy and scalability of RiskRanker to police Android markets of all stripes.
AdSplit: Separating smartphone advertising from applications
- In Proceedings of the 21st USENIX Security Symposium, 2012
Cited by 53 (2 self)
A wide variety of smartphone applications today rely on third-party advertising services, which provide libraries that are linked into the hosting application. This situation is undesirable for both the application author and the advertiser. Advertising libraries require their own permissions, resulting in additional permission requests to users. Likewise, a malicious application could simulate the behavior of the advertising library, forging the user’s interaction and stealing money from the advertiser. This paper describes AdSplit, where we extended Android to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries, and providing services to validate the legitimacy of clicks, locally and remotely. AdSplit automatically recompiles apps to extract their ad services, and we measure minimal runtime overhead. AdSplit also supports a system resource that allows advertisements to display their content in an embedded HTML widget, without requiring any native code.
Effective inter-component communication mapping in Android with Epicc: An essential step towards holistic security analysis
- In USENIX Security Symposium, 2013
Cited by 31 (3 self)
Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their ICC. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further, the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export.
Detecting Passive Content Leaks and Pollution in Android Applications
- In Proceedings of the 20th Annual Symposium on Network and Distributed System Security (NDSS '13), 2013
Cited by 24 (3 self)
In this paper, we systematically study two vulnerabilities and their presence in existing Android applications (or “apps”). These two vulnerabilities are rooted in an unprotected Android component, i.e., content provider, inside vulnerable apps. Because of the lack of necessary access control enforcement, affected apps can be exploited to either passively disclose various types of private in-app data or inadvertently manipulate certain security-sensitive in-app settings or configurations that may subsequently cause serious system-wide side effects (e.g., blocking all incoming phone calls or SMS messages). To assess the prevalence of these two vulnerabilities, we analyze 62,519 apps collected in February 2012 from various Android markets. Our results show that among these apps, 1,279 (2.0%) and 871 (1.4%) of them are susceptible to these two vulnerabilities, respectively. In addition, we find that 435 (0.7%) and 398 (0.6%) of them are accessible from official Google Play and some of them are extremely popular with more than 10,000,000 installs. The presence of a large number of vulnerable apps in popular Android markets as well as the variety of private data for leaks and manipulation reflect the severity of these two vulnerabilities. To address them, we also explore and examine possible mitigation solutions.
Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies
Cited by 23 (3 self)
In this paper we tackle the challenge of providing a generic security architecture for the Android OS that can serve as a flexible and effective ecosystem to instantiate different security solutions. In contrast to prior work, our security architecture, termed FlaskDroid, provides mandatory access control simultaneously on both Android’s middleware and kernel layers. The alignment of policy enforcement on these two layers is non-trivial due to their completely different semantics. We present an efficient policy language (inspired by SELinux) tailored to the specifics of Android’s middleware semantics. We show the flexibility of our architecture by policy-driven instantiations of selected security models such as the existing work Saint as well as a new privacy-protecting, user-defined and fine-grained per-app access control model. Other possible instantiations include phone booth mode, or dual persona phone. Finally, we evaluate our implementation on SE Android 4.0.4 illustrating its efficiency and effectiveness.
Vetting undesirable behaviors in Android apps with permission use analysis
- In CCS, 2013
Cited by 20 (2 self)
The Android platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, recent years have witnessed the explosion of undesirable behaviors in Android apps. An important part in the defense is the accurate analysis of Android apps. However, traditional syscall-based analysis techniques are not well-suited for Android, because they could not capture critical interactions between the application and the Android system. This paper presents VetDroid, a dynamic analysis platform for reconstructing sensitive behaviors in Android apps from a novel permission use perspective. VetDroid features a systematic framework to effectively construct permission use behaviors, i.e., how applications use permissions to access (sensitive) system resources, and how these acquired permission-sensitive resources are further utilized by the application. With permission use behaviors, security analysts can easily examine the internal sensitive behaviors of an app. Using real-world Android malware, we show that VetDroid can clearly reconstruct fine-grained malicious behaviors to ease malware analysis. We further apply VetDroid to 1,249 top free apps in Google Play. VetDroid can assist in finding more information leaks than TaintDroid [24], a state-of-the-art technique. In addition, we show how we can use VetDroid to analyze fine-grained causes of information leaks that TaintDroid cannot reveal. Finally, we show that VetDroid can help identify subtle vulnerabilities in some (top free) applications otherwise hard to detect.
PlaceRaider: Virtual theft in physical spaces with smartphones
- In Network and Distributed System Security Symposium, 2013
Cited by 16 (3 self)
Each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of ‘sensory malware’ has been developing that leverages these sensors to steal information from the physical environment — e.g., researchers have recently demonstrated how malware can ‘listen’ for spoken credit card numbers through the microphone, or ‘feel’ keystroke vibrations using the accelerometer. Yet the possibilities of what malware can ‘see’ through a camera have been understudied. This paper introduces PlaceRaider, a novel ‘visual malware’ that allows remote attackers to engage in remote reconnaissance and what we call “virtual theft.” Through completely opportunistic use of the phone’s camera and other sensors, PlaceRaider constructs rich, three-dimensional models of indoor environments. Remote burglars can thus ‘download’ the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.
Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android
- In SPSM '12, ACM, 2012
Cited by 15 (2 self)
We provide a detailed analysis of two largely unexplored aspects of the security decisions made by the Android operating system during the app installation process: update integrity and UID assignment. To inform our analysis, we collect a dataset of Android application metadata and extract features from these binaries to gain a better understanding of how developers interact with the security mechanisms invoked during installation. Using the dataset, we find empirical evidence that Android’s current signing architecture does not encourage best security practices. We also find that limitations of Android’s UID sharing method force developers to write custom code rather than rely on OS-level mechanisms for secure data transfer between apps. As a result of our analysis, we recommend incrementally deployable improvements, including a novel UID sharing mechanism with applicability to signature-level permissions. We additionally discuss mitigation options for a security bug in Google’s Play store, which allows apps to transparently obtain more privileges than those requested in the manifest.
Unauthorized origin crossing on mobile platforms: Threats and mitigation
- In CCS, 2013
Cited by 15 (2 self)
With the progress in mobile computing, web services are increasingly delivered to their users through mobile apps, instead of web browsers. However, unlike the browser, which enforces origin-based security policies to mediate the interactions between the web content from different sources, today's mobile OSes do not have a comparable security mechanism to control the cross-origin communications between apps, as well as those between an app and the web. As a result, a mobile user's sensitive web resources could be exposed to the harms from a malicious origin. In this paper, we report the first systematic study on this mobile cross-origin risk. Our study inspects the main cross-origin channels on Android and iOS, including intent, scheme and web-accessing utility classes, and further analyzes the ways popular web services (e.g., Facebook, Dropbox, etc.) and their apps utilize those channels to serve other apps. The research shows that lack of origin-based protection opens the door to a wide spectrum of cross-origin attacks. These attacks are unique to mobile platforms, and their consequences are serious: for example, using carefully designed techniques for mobile cross-site scripting and request forgery, an unauthorized party can obtain a mobile user's Facebook/Dropbox authentication credentials and record her text input. We report our findings to related software vendors, who all acknowledged their importance. To address this threat, we designed an origin-based protection mechanism, called Morbs, for mobile OSes. Morbs labels every message with its origin information, lets developers easily specify security policies, and enforces the policies on the mobile channels based on origins. Our evaluation demonstrates the effectiveness of our new technique in defeating unauthorized origin crossing, its efficiency and the convenience for the developers to use such protection.