Android at risk: current threats stemming from unprotected local and external resources

Demetriou, Soteris

Permalink

https://hdl.handle.net/2142/50478 Copy

Description

Title

Android at risk: current threats stemming from unprotected local and external resources

Author(s)

Demetriou, Soteris

Issue Date

2014-09-16

Director of Research (if dissertation) or Advisor (if thesis)

Gunter, Carl A.

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

M.S.

Degree Level

Thesis

Keyword(s)

• Mobile Security
• Android Security
• Privacy
• Information Leaks
• Access Control
• Mobile Accessories' Security

Abstract

Android is an open source platform derived from Linux OS. It utilizes a plethora of resources both local and external. Most of its local resources (e.g procfs nodes) were inherited from Linux with some of them being even- tually removed, while new ones were added to meet the requirements of a mobile multi-purpose platform. Moreover, such a platform compels the in- troduction of external resources which can be used in tandem with a variety of sensors (e.g Bluetooth and NFC) that the device is equipped with. This thesis demonstrates the subtlety involved in this adaptation which, if not performed correctly, can lead to severe information leaks stemming from un- protected local and external resources. It also presents new defense solutions and mitigation strategies that successfully tackle the found vulnerabilities. In particular, this thesis unearths three new side channels on Android OS. Prior to this work, these side channels were considered to be innocuous but here we illustrate that they can be used maliciously by an adversary to infer a user’s identity, geo-location, disease condition she is interested in, invest- ment information and her driving route. These information leaks, stem from local resources shared among all installed apps on Android: per-app data- usage statistics; ARP (Address Resolution Protocol) information; and speaker status (on or off). While harmless on a different setting, these public local resources can evidently disclose private information on a mobile platform and thus we maintain that they should not be freely available to all third-party apps installed on the system. To this end, we present mitigation strategies which strike a balance between the utility of apps that legitimately need to access such information and the privacy leakage risk involved. Unfortunately the design assumptions made while adapting Linux to cre- ate Android is not the only flaw of the latter. Specifically this work is also concerned with the security and privacy implications of using external to the OS resources. Such resources generate dynamic, hard to mediate channels of communication between the OS and an external source through usually a wireless protocol. We explore such implications in connecting smartphones with external Bluetooth devices. This thesis posits that Android falls short in providing secure Bluetooth connections with external devices; ergo its appli- cation in privacy critical domains is at the very least premature. We present a new threat, defined as external-device mis-bonding or DMB for short. To demonstrate the severity of the threat, we perform realistic attacks on popular medical Bluetooth devices. These attacks delineate how an unau- thorized app can capture private data from Bluetooth external devices and how it can help an adversary spoof those devices and feed erroneous data to legitimate applications. Furthermore, we designed an OS-level defense mechanism dubbed Dabinder, that addresses the system’s shortcomings, by guaranteeing that a Bluetooth connection is established only between a legitimate app and its respective accessory. Nevertheless, Bluetooth is not the only inadequately protected external resource with grave privacy ramifications. We have also studied NFC, Au- dio and SMS as potential channels of communication with alarmingly low confidentiality guarantees. We show with real world attacks, that Android’s permission model is too coarse-grained to safeguard such channels while pre- serving the utility of the apps. To better understand the prevalence of the problem we perform a measurement study on the Android ecosystem and discuss our findings. Finally this work presents SEACAT, a novel defense strategy, enhancing Android with flexible security capabilities. SEACAT is a scalable, effective and efficient solution, built on top of SELinux on Android, that enables the protection of channels used to communicate with external to Android re- sources. It achieves both MAC and DAC protection through straightforward and SELinux-compatible policies as the policy language and structure used, is in accordance with the current policy specifications. The system’s design encompasses mirror caching on both the kernel and the middleware layer which facilitates rapid policy enforcement through appropriate and carefully positioned hooks in the system.

Graduation Semester

2014-08

Permalink

http://hdl.handle.net/2142/50478

Copyright and License Information

Copyright 2014 Soteris Demetriou

Owning Collections