abstract #99 multilevel android exploit...

Post on 21-Jul-2018


Abstract #99

Smartphones have become an emerging platform for both personal and business applications. As the most popular mobile operating system for smartphones, Android offers great flexibility not only for users but also for application developers. However, this flexibility exposes users to additional security threats. This poster describes our ongoing research into Android security issues. We first instantiate two types of possible attacks that can be launched on current Android applications available on the market. To further explore the vulnerabilities, particularly in the finance and health sectors, we are developing a tool that leverages data mining techniques to automatically extract and analyze the security information of these applications, in order to detect and report potential security threats. Moreover, we have analyzed and categorized more than a dozen security solutions proposed by different research groups. This poster provides a concise overview of the survey results. Most tools prevent potentially malicious communication within the Android operating system by repeatedly checking all communication channels and making security decisions based on a predefined security policy. To address the limitations of the current approaches, we propose two directions for further research. The first is to implement a probabilistic protection mechanism as part of the Android framework that leverages historical data to make better security decisions while reducing the energy overhead. The second is to develop an Eclipse plug-in that prevents attacks by educating developers to write more secure Android applications.

Multilevel Android Exploit Protection

Boston University – Metropolitan College (MET)

Felix Rohrer, Nebiyu Feleke, Kenneth Nimley

Supervised by: Yuting Zhang, Lou Chitkushev, Tanya Zlateva

Android Overview

Two Proof of Concept Attacks

Current solutions

Application Phishing

Our current research (focus: Finance and Medical sector)

Permission Re-delegation

Educate developers to write secure Code

App Security information

External DBs

Static Code Analysis

...

Application Analysis through Data mining

Web interface

Proposed work

● Provide Security on several levels
● Create an access control based on roles in order to simplify dealing with permissions
● Minimize energy consumption of solution by introducing probabilistic security checks

Malware analysis

Operating System for Mobile Devices

Based on Linux

- Send to premium number
- Send to third-party

- Matches user expectation

SMS Trojans and how they operate

Real Fake

Each App runs in its own Virtual Machine (Dalvik), therefore isolated from other Apps.

Inter-application communication provided by Android Framework (very flexible but introduces vulnerabilities)

Resources are labelled with permissions (e.g. INTERNET, RECEIVE_SMS)

Unprivileged App

Resource

Privileged App

Resource request

Request accepted

Request denied

Add a mock-up screen here

from the Eclipse Plugin

Analyzed 13 security solutions from different research groups

8 solutions introduce substantial overhead (delays or energy consumption)

11 solutions require modification of framework code and are therefore difficult to distribute

PoC App: Mail Bomber

PoC App: Funny Game

[Chart: Types of Malware (2011). Legend: SMS Flooder, SMS Trojan, Worm, Spyware. Values shown: 1%, 35%, 1%, 62%]

[Chart: Market Share of Smartphones by Platform. Legend: Google, Apple, Symbian, Microsoft, RIM. Values shown: 47%, 29%, 2%, 5%, 17%]

Juniper Networks – 2011 Mobile Threat Report

Android Market reached 10 Billion App downloads by December 2011

Growth rate of 1 Billion App downloads per month

450'000 Apps

Android Security

[Chart: Cumulative Android Malware Increase, June - December 2011. X-axis: Jun to Dec. Y-axis: 0% to 4,000%]

[Chart: Commonly requested permissions (Data: 50 medical Apps, 50 financial Apps). Series: Finance, Medicine. Axis: # Apps, 0 to 100. Permissions shown: INTERNET, ACCESS_NETWORK_STATE, WRITE_EXTERNAL_STORAGE, READ_PHONE_STATE, GET_ACCOUNTS, VIBRATE, WAKE_LOCK, READ_CONTACTS, ACCESS_FINE_LOCATION, RECORD_AUDIO, USE_CREDENTIALS]

[Chart: Permission usage (Data: 100 Apps, 165 Permissions). Legend: Not used, Used. Values shown: 69%, 31%]

Deal with Privilege Escalation attacks: XManDroid, Quire, IPC Inspection, SELinux, TrustDroid

Rely on user/developer: CRePE, Saint, Apex, ComDroid, Quire

Reduce device functionality: XManDroid, CRePE, Saint, Apex

Subject to false-positive/false-negative: XManDroid, IPC Inspection, ComDroid, Saint

Source: Juniper Networks – 2011 Mobile Threat Report
