MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts

Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent\u27s data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library MuTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, MuTent provides accessibility and visibility of Intent data by validating the receiver\u27s capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging MuTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that MuTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps

Steal This Movie- Automatically Bypassing DRM Protection in Streaming Media Services

Streaming movies online is quickly becoming the way in which users access video entertainment. This has been powered by the ubiquitous presence of the Internet and the availability of a number of hardware platforms that make access to movies convenient. Often, video-on-demand services use a digital rights management system to prevent the user from duplicating videos because much of the economic model of video stream services relies on the fact that the videos cannot easily be saved to permanent storage and (illegally) shared with other customers. In this paper, we introduce a general memory-based approach that circumvents the protections deployed by popular video-ondemand providers. We apply our approach to four different examples of streaming services: Amazon Instant Video, Hulu, Spotify, and Netflix and we demonstrate that, by using our technique, it is possible to break DRM protection in a semi-automated way.