12 research outputs found
Enter Sandbox: Android Sandbox Comparison
Expecting the shipment of 1 billion Android devices in 2017, cyber criminals
have naturally extended their vicious activities towards Google's mobile
operating system. With an estimated number of 700 new Android applications
released every day, keeping control over malware is an increasingly challenging
task. In recent years, a vast number of static and dynamic code analysis
platforms for analyzing Android applications and making decisions regarding
their maliciousness have been introduced in academia and in the commercial
world. These platforms differ heavily in terms of feature support and
application properties being analyzed. In this paper, we give an overview of
the state-of-the-art dynamic code analysis platforms for Android and evaluate
their effectiveness with samples from known malware corpora as well as known
Android bugs like Master Key. Our results indicate a low level of diversity in
analysis platforms resulting from code reuse that leaves the evaluated systems
vulnerable to evasion. Furthermore the Master Key bugs could be exploited by
malware to hide malicious behavior from the sandboxes.
Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)
Data Driven Authentication: On the Effectiveness of User Behaviour Modelling with Mobile Device Sensors
We propose a lightweight, and temporally and spatially aware user behaviour
modelling technique for sensor-based authentication. Operating in the
background, our data driven technique compares current behaviour with a user
profile. If the behaviour deviates sufficiently from the established norm,
actions such as explicit authentication can be triggered. To support a quick
and lightweight deployment, our solution automatically switches from training
mode to deployment mode when the user's behaviour is sufficiently learned.
Furthermore, it allows the device to automatically determine a suitable
detection threshold. We use our model to investigate practical aspects of
sensor-based authentication by applying it to three publicly available data
sets, computing expected times for training duration and behaviour drift. We
also test our model with scenarios involving an attacker with varying knowledge
and capabilities.
Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)
A Systematic Security Evaluation of Android's Multi-User Framework
Like many desktop operating systems in the 1990s, Android is now in the
process of including support for multi-user scenarios. Because these scenarios
introduce new threats to the system, we should have an understanding of how
well the system design addresses them. Since the security implications of
multi-user support are truly pervasive, we developed a systematic approach to
studying the system and identifying problems. Unlike other approaches that
focus on specific attacks or threat models, ours systematically identifies
critical places where access controls are not present or do not properly
identify the subject and object of a decision. Finding these places gives us
insight into hypothetical attacks that could result, and allows us to design
specific experiments to test our hypothesis.
Following an overview of the new features and their implementation, we
describe our methodology, present a partial list of our most interesting
hypotheses, and describe the experiments we used to test them. Our findings
indicate that the current system only partially addresses the new threats,
leaving the door open to a number of significant vulnerabilities and privacy
issues. Our findings span a spectrum of root causes, from simple oversights,
all the way to major system design problems. We conclude that there is still a
long way to go before the system can be used in anything more than the most
casual of sharing environments.
Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)
Code Injection Attacks on HTML5-based Mobile Apps
HTML5-based mobile apps are becoming more and more popular, mostly because they are
much easier to port across different mobile platforms than native apps.
HTML5-based apps are implemented using the standard web technologies, including
HTML5, JavaScript and CSS; they depend on middleware, such as PhoneGap,
to interact with the underlying OS.
Knowing that JavaScript is subject to code injection attacks, we have
conducted a systematic study on HTML5-based mobile apps, trying to evaluate
whether it is safe to rely on the web technologies for mobile app development.
Our discoveries are quite surprising. We found out that if HTML5-based mobile
apps become popular--it seems to be going in that direction based on the current
projection--many of the things that we normally do today may become dangerous,
including reading from 2D barcodes, scanning Wi-Fi access points, playing MP4
videos, pairing with Bluetooth devices, etc. This paper describes how
HTML5-based apps can become vulnerable, how attackers can exploit their
vulnerabilities through a variety of channels, and what damage can be achieved
by the attackers. In addition to demonstrating the attacks through example
apps, we have studied 186 PhoneGap plugins, used by apps to achieve a variety
of functionalities, and we found that 11 are vulnerable. We also found two real
HTML5-based apps that are vulnerable to the attacks.
Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)
Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture
Many smartphones now deploy conventional operating systems, so the rootkit
attacks so prevalent on desktop and server systems are now a threat to
smartphones. While researchers have advocated using virtualization to detect
and prevent attacks on operating systems (e.g., VM introspection and trusted
virtual domains), virtualization is not practical on smartphone systems due to
the lack of virtualization support and/or the expense of virtualization.
Current smartphone processors do have hardware support for running a protected
environment, such as the ARM TrustZone extensions, but such hardware does not
control the operating system operations sufficiently to enable VM
introspection. In particular, a conventional operating system running with
TrustZone still retains full control of memory management, which a rootkit can
use to prevent traps on sensitive instructions or memory accesses necessary for
effective introspection. In this paper, we present SPROBES, a novel primitive
that enables introspection of operating systems running on ARM TrustZone
hardware. Using SPROBES, an introspection mechanism protected by TrustZone can
instrument individual operating system instructions of its choice, receiving an
unforgeable trap whenever any SPROBE is executed. The key challenge in
designing SPROBES is preventing the rootkit from removing them, but we identify
a set of five invariants whose enforcement is sufficient to restrict rootkits
to execute only approved, SPROBE-injected kernel code. We implemented a
proof-of-concept version of SPROBES for the ARM Fast Models emulator,
demonstrating that in Linux kernel 2.6.38, only 12 SPROBES are sufficient to
enforce all five of these invariants. With SPROBES we show that it is possible
to leverage the limited TrustZone extensions to limit conventional kernel
execution to approved code comprehensively.
Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)
Differentially Private Location Privacy in Practice
With the wide adoption of handheld devices (e.g. smartphones, tablets) a
large number of location-based services (also called LBSs) have flourished
providing mobile users with real-time and contextual information on the move.
Accounting for the amount of location information they are given by users,
these services are able to track users wherever they go and to learn sensitive
information about them (e.g. their points of interest including home, work,
religious or political places regularly visited). A number of solutions have
been proposed in the past few years to protect users' location information while
still allowing them to enjoy geo-located services. Among the most robust
solutions are those that apply the popular notion of differential privacy to
location privacy (e.g. Geo-Indistinguishability), promising strong theoretical
privacy guarantees with a bounded accuracy loss. While these theoretical
guarantees are attractive, it might be difficult for end users or practitioners
to assess their effectiveness in the wild. In this paper, we carry out a
practical study using real mobility traces coming from two different datasets,
to assess the ability of Geo-Indistinguishability to protect users' points of
interest (POIs). We show that a curious LBS collecting obfuscated location
information sent by mobile users is still able to infer most of the users' POIs
with reasonable geographic and semantic precision. This precision
depends on the degree of obfuscation applied by Geo-Indistinguishability.
Nevertheless, the latter also has an impact on the overhead incurred on mobile
devices resulting in a privacy versus overhead trade-off. Finally, we show in
our study that POIs constitute a quasi-identifier for mobile users and that
obfuscating them using Geo-Indistinguishability is not sufficient as an
attacker is able to re-identify at least 63% of them despite a high degree of
obfuscation.
Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)