659 research outputs found
IoTSan: Fortifying the Safety of IoT Systems
Today's IoT systems include event-driven smart applications (apps) that
interact with sensors and actuators. A problem specific to IoT systems is that
buggy apps, unforeseen bad app interactions, or device/communication failures,
can cause unsafe and dangerous physical states. Detecting flaws that lead to
such states, requires a holistic view of installed apps, component devices,
their configurations, and more importantly, how they interact. In this paper,
we design IoTSan, a novel practical system that uses model checking as a
building block to reveal "interaction-level" flaws by identifying events that
can lead the system to unsafe states. In building IoTSan, we design novel
techniques tailored to IoT systems, to alleviate the state explosion associated
with model checking. IoTSan also automatically translates IoT apps into a
format amenable to model checking. Finally, to understand the root cause of a
detected vulnerability, we design an attribution mechanism to identify
problematic and potentially malicious apps. We evaluate IoTSan on the Samsung
SmartThings platform. From 76 manually configured systems, IoTSan detects 147
vulnerabilities. We also evaluate IoTSan with malicious SmartThings apps from a
previous effort. IoTSan detects the potential safety violations and also
effectively attributes these apps as malicious.Comment: Proc. of the 14th ACM CoNEXT, 201
An Empirical Study on Android for Saving Non-shared Data on Public Storage
With millions of apps that can be downloaded from official or third-party
market, Android has become one of the most popular mobile platforms today.
These apps help people in all kinds of ways and thus have access to lots of
user's data that in general fall into three categories: sensitive data, data to
be shared with other apps, and non-sensitive data not to be shared with others.
For the first and second type of data, Android has provided very good storage
models: an app's private sensitive data are saved to its private folder that
can only be access by the app itself, and the data to be shared are saved to
public storage (either the external SD card or the emulated SD card area on
internal FLASH memory). But for the last type, i.e., an app's non-sensitive and
non-shared data, there is a big problem in Android's current storage model
which essentially encourages an app to save its non-sensitive data to shared
public storage that can be accessed by other apps. At first glance, it seems no
problem to do so, as those data are non-sensitive after all, but it implicitly
assumes that app developers could correctly identify all sensitive data and
prevent all possible information leakage from private-but-non-sensitive data.
In this paper, we will demonstrate that this is an invalid assumption with a
thorough survey on information leaks of those apps that had followed Android's
recommended storage model for non-sensitive data. Our studies showed that
highly sensitive information from billions of users can be easily hacked by
exploiting the mentioned problematic storage model. Although our empirical
studies are based on a limited set of apps, the identified problems are never
isolated or accidental bugs of those apps being investigated. On the contrary,
the problem is rooted from the vulnerable storage model recommended by Android.
To mitigate the threat, we also propose a defense framework
FraudDroid: Automated Ad Fraud Detection for Android Apps
Although mobile ad frauds have been widespread, state-of-the-art approaches
in the literature have mainly focused on detecting the so-called static
placement frauds, where only a single UI state is involved and can be
identified based on static information such as the size or location of ad
views. Other types of fraud exist that involve multiple UI states and are
performed dynamically while users interact with the app. Such dynamic
interaction frauds, although now widely spread in apps, have not yet been
explored nor addressed in the literature. In this work, we investigate a wide
range of mobile ad frauds to provide a comprehensive taxonomy to the research
community. We then propose, FraudDroid, a novel hybrid approach to detect ad
frauds in mobile Android apps. FraudDroid analyses apps dynamically to build UI
state transition graphs and collects their associated runtime network traffics,
which are then leveraged to check against a set of heuristic-based rules for
identifying ad fraudulent behaviours. We show empirically that FraudDroid
detects ad frauds with a high precision (93%) and recall (92%). Experimental
results further show that FraudDroid is capable of detecting ad frauds across
the spectrum of fraud types. By analysing 12,000 ad-supported Android apps,
FraudDroid identified 335 cases of fraud associated with 20 ad networks that
are further confirmed to be true positive results and are shared with our
fellow researchers to promote advanced ad fraud detectionComment: 12 pages, 10 figure
On the Security and Privacy Challenges in Android-based Environments
In the last decade, we have faced the rise of mobile devices as a fundamental tool in our everyday life.
Currently, there are above 6 billion smartphones, and 72% of them are Android devices.
The functionalities of smartphones are enriched by mobile apps through which users can perform operations that in the past have been made possible only on desktop/laptop computing.
Besides, users heavily rely on them for storing even the most sensitive information from a privacy point of view.
However, apps often do not satisfy all minimum security requirements and can be targeted to indirectly attack other devices managed or connected to them (e.g., IoT nodes) that may perform sensitive operations such as health checks, control a smart car or open a smart lock.
This thesis discusses some research activities carried out to enhance the security and privacy of mobile apps by i) proposing novel techniques to detect and mitigate security vulnerabilities and privacy issues, and ii) defining techniques devoted to the security evaluation of apps interacting with complex environments (e.g., mobile-IoT-Cloud).
In the first part of this thesis, I focused on the security and privacy of Mobile Apps. Due to the widespread adoption of mobile apps, it is relatively straightforward for researchers or users to quickly retrieve the app that matches their tastes, as Google provides a reliable search engine. However, it is likewise almost impossible to select apps according to a security footprint (e.g., all apps that enforce SSL pinning).
To overcome this limitation, I present APPregator, a platform that allows users to select apps according to a specific security footprint.
This tool aims to implement state-of-the-art static and dynamic analysis techniques for mobile apps and provide security researchers and analysts with a tool that makes it possible to search for mobile applications under specific functional or security requirements.
Regarding the security status of apps, I studied a particular context of mobile apps: hybrid apps composed of web technologies and native technologies (i.e., Java or Kotlin). In this context, I studied a vulnerability that affected only hybrid apps: the Frame Confusion.
This vulnerability, despite being discovered several years ago, it is still very widespread.
I proposed a methodology implemented in FCDroid that exploits static and dynamic analysis techniques to detect and trigger the vulnerability automatically.
The results of an extensive analysis carried out through FCDroid on a set of the most downloaded apps from the Google Play Store prove that 6.63% (i.e., 1637/24675) of hybrid apps are potentially vulnerable to Frame Confusion.
A side effect of the analysis I carried out through APPregator was suggesting that very few apps may have a privacy policy, despite Google Play Store imposes some strict rules about it and contained in the Google Play Privacy Guidelines.
To empirically verify if that was the case, I proposed a methodology based on the combination of static analysis, dynamic analysis, and machine learning techniques.
The proposed methodology verifies whether each app contains a privacy policy compliant with the Google Play Privacy Guidelines, and if the app accesses privacy-sensitive information only upon the acceptance of the policy by the user.
I then implemented the methodology in a tool, 3PDroid, and evaluated a number of recent and most downloaded Android apps in the Google Play Store.
Experimental results suggest that over 95% of apps access sensitive user privacy information, but only a negligible subset of it (~ 1%) fully complies with the Google Play Privacy Guidelines.
Furthermore, the obtained results have also suggested that the user privacy could be put at risk by mobile apps that keep collecting a plethora of information regarding the user's and the device behavior by relying on third-party analytics libraries.
However, collecting and using such data raised several privacy concerns, mainly because the end-user - i.e., the actual data owner - is out of the loop in this collection process. The existing privacy-enhanced solutions that emerged in the last years follow an ``all or nothing" approach, leaving to the user the sole option to accept or completely deny access to privacy-related data.
To overcome the current state-of-the-art limitations, I proposed a data anonymization methodology, called MobHide, that provides a compromise between the usefulness and privacy of the data collected and gives the user complete control over the sharing process.
For evaluating the methodology, I implemented it in a prototype called HideDroid and tested it on 4500 most-used Android apps of the Google Play Store between November 2020 and January 2021.
In the second part of this thesis, I extended privacy and security considerations outside the boundary of the single mobile device.
In particular, I focused on two scenarios.
The first is composed of an IoT device and a mobile app that have a fruitful integration to resolve and perform specific actions.
From a security standpoint, this leads to a novel and unprecedented attack surface.
To deal with such threats, applying state-of-the-art security analysis techniques on each paradigm can be insufficient.
I claimed that novel analysis methodologies able to systematically analyze the ecosystem as a whole must be put forward.
To this aim, I introduced the idea of APPIoTTe, a novel approach to the security testing of Mobile-IoT hybrid ecosystems, as well as some notes on its implementation working on Android (Mobile) and Android Things (IoT) applications.
The second scenario is composed of an IoT device widespread in the Smart Home environment: the Smart Speaker.
Smart speakers are used to retrieving information, interacting with other devices, and commanding various IoT nodes. To this aim, smart speakers typically take advantage of cloud architectures: vocal commands of the user are sampled, sent through the Internet to be processed, and transmitted back for local execution, e.g., to activate an IoT device.
Unfortunately, even if privacy and security are enforced through state-of-the-art encryption mechanisms, the features of the encrypted traffic, such as the throughput, the size of protocol data units, or the IP addresses, can leak critical information about the users' habits.
In this perspective, I showcase this kind of risk by exploiting machine learning techniques to develop black-box models to classify traffic and implement privacy leaking attacks automatically
UNCOVERING AND MITIGATING UNSAFE PROGRAM INTEGRATIONS IN ANDROID
Android’s design philosophy encourages the integration of resources and functionalities from multiple parties, even with different levels of trust. Such program integrations, on one hand, connect every party in the Android ecosystem tightly on one single device. On the other hand, they can also pose severe security problems, if the security design of the underlying integration schemes is not well thought-out. This dissertation systematically evaluates the security design of three integration schemes on Android, including framework module, framework proxy and 3rd-party code embedding. With the security risks identified in each scheme, it concludes that program integrations on Android are unsafe. Furthermore, new frameworks have been designed and implemented to detect and mitigate the threats. The evaluation results on the prototypes have demonstrated their effectiveness
Exploiting Model Checking for Mobile Botnet Detection
Android malware is increasing from the point of view of the complexity and the harmful actions. As a matter fact, malware writers are developing sophisticated techniques to infect mobile devices very closed to their counterpart for personal computers. One of these threats is represented by the possibility to control the infected devices from the attacker i.e., the so-called botnet. In this paper a method able to identify botnet in Android environment through model checking is proposed. Starting from the malicious payload definition, the proposed method is able to detect and to localize the code related to the malicious botnet. We experiment real-world botnet based Android malware, obtaining encouraging results
Using Context and Interactions to Verify User-Intended Network Requests
Client-side malware can attack users by tampering with applications or user
interfaces to generate requests that users did not intend. We propose Verified
Intention (VInt), which ensures a network request, as received by a service, is
user-intended. VInt is based on "seeing what the user sees" (context). VInt
screenshots the user interface as the user interacts with a security-sensitive
form. There are two main components. First, VInt ensures output integrity and
authenticity by validating the context, ensuring the user sees correctly
rendered information. Second, VInt extracts user-intended inputs from the
on-screen user-provided inputs, with the assumption that a human user checks
what they entered. Using the user-intended inputs, VInt deems a request to be
user-intended if the request is generated properly from the user-intended
inputs while the user is shown the correct information. VInt is implemented
using image analysis and Optical Character Recognition (OCR). Our evaluation
shows that VInt is accurate and efficient
Android Application Security Scanning Process
This chapter presents the security scanning process for Android applications. The aim is to guide researchers and developers to the core phases/steps required to analyze Android applications, check their trustworthiness, and protect Android users and their devices from being victims to different malware attacks. The scanning process is comprehensive, explaining the main phases and how they are conducted including (a) the download of the apps themselves; (b) Android application package (APK) reverse engineering; (c) app feature extraction, considering both static and dynamic analysis; (d) dataset creation and/or utilization; and (e) data analysis and data mining that result in producing detection systems, classification systems, and ranking systems. Furthermore, this chapter highlights the app features, evaluation metrics, mechanisms and tools, and datasets that are frequently used during the app’s security scanning process
- …