nach oben

Software Quality Journal

Erschienen in:

31.05.2017

System-level attacks against android by exploiting asynchronous programming

verfasst von: Ting Chen, Xiaoqi Li, Xiapu Luo, Xiaosong Zhang

Erschienen in: Software Quality Journal | Ausgabe 3/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

To avoid unresponsiveness, Android developers utilize asynchronous programming to schedule long-running tasks in the background. In this work, we conduct a systematic study on IntentService, one of the async constructs provided by Android using static program analysis, and find that in Android 6, 974 intents can be sent by third-party applications without protection. Based on this observation, we develop a tool, ATUIN, to demonstrate the feasibility of attacking a CPU automatically by exploiting the intents that can be handled by an Android system. Furthermore, by investigating the unprotected intents, we discover tens of critical vulnerabilities that have not been reported before, including Wi-Fi DoS, telephone signal blocking, SIM card removal, homescreen hiding, and NFC state cheating. Our study sheds light on research into protecting asynchronous programming from being exploited by hackers.

Vorheriger Artikel Detecting potential deadlocks through change impact analysis

Nächster Artikel A multi-aspect online tuning framework for HPC applications

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Alam, F., Panda, P.R., Tripathi, N., Sharma, N., & Narayan, S. (2014). Energy optimization in Android applications through wakelock placement, Proceedings of DATE (pp. 1–4).

Armando, A., Merlo, A., Migliardi, M., & Verderame, L. (2012). Would you mind forking this process? A denial of service attack on Android (and some countermeasures), Proceedings of IFIP SEC (pp. 13–24).

Bandla. Android Version Share: Lollipop still leads with 34%, Nougat at 0.4%. http://www.gadgetdetail.com/android-version-market-share-distribution/.

Bauer, M., Coatsworth, M., & Moeller, J. (2015). NANSA: A no-attribution nosleep battery exhaustion attack for portable computing devices.

Chen, T., Tang, H., Zhou, K., Zhang, X., & Lin, X. (2016). Silent Battery Draining Attack Against Android Systems by Subverting Doze Mode, Proceedings of the GlobeCom.

Eian, M., & Mjolsnes, S. (2012). A formal analysis of IEEE 802.11w deadlock vulnerabilities, Proceedings of INFOCOM.

Fiore, U., Palmieri, F., Castiglione, A., Loia, V., & De Santis, A. (2014). Multimedia-based battery drain attacks for android devices, Proceedings of CCNC (pp. 145–150).

Gordon, M.S., Hong, D.K., Chen, P.M., Flinn, J., Mahlke, S., & Mao, Z.M. (2015). Accelerating mobile applications through flip-flop replication, Proceedings of MobiSys (pp. 137–150).CrossRef

Guo, C., Zhang, J., Yan, J., Zhang, Z., & Zhang, Y. (2013). Characterizing and detecting resource leaks in android applications, Proceedings of ASE (pp. 389–398).

Huang, H., Zhu, S., Chen, K., & Liu, P. (2015). From system services freezing to system server shutdown in android All you need is a loop in an app, Proceedings of CCS (pp. 1236–1247).CrossRef

Jindal, A., Pathak, A., Hu, Y.C., & Midkiff, S. (2013a). Hypnos: understanding and treating sleep conflicts in smartphones, Proceedings of EuroSys (pp. 253–266).

Jindal, A., Pathak, A., Hu, Y.C., & Midkiff, S. (2013b). On death, taxes, and sleep disorder bugs in smartphones, Proceedings of HotPower (pp. 1–5).

Kang, Y., Zhou, Y., Xu, H., & Lyu, M.R. (2016). DiagDroid: Android performance diagnosis via anatomizing asynchronous executions, Proceedings of the FSE (pp. 410–421).

Lee, K., Chu, D., Cuervo, E., Kopf, J., Degtyarev, Y., Grizan, S., Wolman, A., & Flinn, J. (2015). Outatime: Using speculation to enable low-latency continuous interaction for mobile cloud gaming, Proceedings of MobiSys (pp. 151–165).CrossRef

Lin, Y., Radoi, C., & Dig, D. (2014). Retrofitting concurrency for android applications through refactoring, Proceedings of the FSE, 2014 (pp. 341–352).

Lin, Y., Radoi, C., & Dig, D. (2015). Study and refactoring of android asynchronous programming, Proceedings of the ASE. 2015 (pp. 224–235).

Linares-Vásquez, M., Vendome, C., Luo, Q., & Poshyvanyk, D. (2015). How developers detect and fix performance bottlenecks in android apps, Proceedings of ICSME (pp. 352–361).

Liu, Y., Xu, C., & Cheung, S.-C. (2014). Characterizing and detecting performance bugs for smartphone applications, Proceedings of ICSE (pp. 1013–1024).

Nguyen, D.T., Zhou, G., Xing, G., Qi, X., Hao, Z., Peng, G., & Yang, Q. (2015). Reducing smartphone application delay through read/write isolation, Proceedings of Mobisys (pp. 287–300).CrossRef

Pathak, A., Jindal, A., Hu, Y.C., & Midkiff, S.P. (2012). What is keeping my phone awake?: characterizing and detecting no-sleep energy bugs in smartphone apps, Proceedings of MobiSys (pp. 267–280).CrossRef

Schartner, P., & Bürger, S. (2012). Attacking Android’s Intent Processing and First Steps towards Protecting it. Technical Report TR-syssec-12-01, Universität Klagenfurt.

Terada, T. (2014). Attacking Android browsers via intent scheme. http://www.mbsd.jp/Whitepaper/IntentScheme.pdf http://www.mbsd.jp/Whitepaper/IntentScheme.pdf.

Wang, K., Zhang, Y., & Liu, P. (2016). Call me Back!: attacks on system server and system apps in android through synchronous callback, Proceedings of CCS (pp. 92–103).

Xu, G., Mitchell, N., Arnold, M., Rountev, A., Schonberg, E., & Sevitsky, G. (2012). Finding low-utility data structures, Proceedings of PLDI (pp. 174–186).

Yang, S., Yan, D., & Rountev, A. (2013). Testing for poor responsiveness in Android applications, Proceedings of the MOBS (pp. 1–6).

Yang, K., Zhuge, J., Wang, Y., Zhou, L., & Duan, H. (2014). Intentfuzzer: detecting capability leaks of android applications, Proceedings of ASIACCS (pp. 531–536).

Zhang, L., Gordon, M.S., Dick, R.P., Mao, Z., Dinda, P.A., & Yang, L. (2012). ADEL: An automated detector of energy leaks for smartphone applications, Proceedings of CODES+ISSS (pp. 363–372).CrossRef

Titel: System-level attacks against android by exploiting asynchronous programming
verfasst von: Ting Chen
Xiaoqi Li
Xiapu Luo
Xiaosong Zhang
Publikationsdatum: 31.05.2017
Verlag: Springer US
Erschienen in: Software Quality Journal / Ausgabe 3/2018
Print ISSN: 0963-9314
Elektronische ISSN: 1573-1367
DOI: https://doi.org/10.1007/s11219-017-9374-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 3/2018

Asynchronous multi-process timed automata

A fault tolerant election-based deadlock detection algorithm in distributed systems

Dynamic structure measurement for distributed software

Guest editorial: special issue on concurrent software quality

Contributions for the structural testing of multithreaded programs: coverage criteria, testing tool, and experimental evaluation

Detecting potential deadlocks through change impact analysis

Premium Partner