1,278 Hits in 4.4 sec


Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee, Guofei Jiang
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
In this paper, we study a general category of vulnerabilities found in Android apps, namely the component hijacking vulnerabilities.  ...  We evaluated CHEX with 5,486 real Android apps and found 254 potential component hijacking vulnerabilities.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation, the Department  ... 
doi:10.1145/2382196.2382223 dblp:conf/ccs/LuLWLJ12 fatcat:az36lu4pgvborhh5pmdj54argu

NatiDroid: Cross-Language Android Permission Specification [article]

Chaoran Li, Xiao Chen, Ruoxi Sun, Jason Xue, Sheng Wen, Muhammad Ejaz Ahmed, Seyit Camtepe, Yang Xiang
2021 arXiv   pre-print
in permission over-privilege and up to 3.6% apps have at least one false negative in component hijacking.  ...  While the protection mapping can be utilized to detect various security vulnerabilities in Android apps, such as permission over-privilege and component hijacking, imprecise mapping will lead to false  ...  STOWAWAY empirically determines the permissions required in Android APIs using feedback-directed testing.  ... 
arXiv:2111.08217v1 fatcat:scfue5ltkbholkay7w7uevpqpu

Attacking Android smartphone systems without permissions

Su Mon Kywe, Yingjiu Li, Kunal Petal, Michael Grace
2016 2016 14th Annual Conference on Privacy, Security and Trust (PST)  
Android requires third-party applications to request for permissions when they access critical mobile resources, such as users' personal information and system operations.  ...  In this paper, we present the attacks that can be launched without permissions.  ...  Note that we do not suggest to reclassify and protect all the corresponding resources that are attacked in this paper.  ... 
doi:10.1109/pst.2016.7906949 dblp:conf/pst/KyweLPG16 fatcat:5o3wh3rwojhwlmhcbsdfgtt5te

Real-Time Triggering of Android Memory Dumps for Stealthy Attack Investigation

Jennifer Bellizzi, Mark Vella, Christian Colombo, Julio Hernandez-Castro
2020 Nordic Conference on Secure IT Systems  
Several optimisation measures for the JIT-MF tools are presented, considering the typical resource constraints of Android devices.  ...  the stealthiest of Android attacks.  ...  In this paper, we shed light on the capabilities of JIT-MF in the context of messaging hijack attacks within Android.  ... 
doi:10.1007/978-3-030-70852-8_2 dblp:conf/nordsec/BellizziVCH20 fatcat:5bbh3n7iirbr7n63tsq3am7uya

Measuring the Insecurity of Mobile Deep Links of Android

Fang Liu, Chun Wang, Andres Pico, Danfeng Yao, Gang Wang
2017 USENIX Security Symposium  
Recently, two new deep link mechanisms were proposed to address the security risks in scheme URLs: App link and Intent URL. 1) App Link [6, 9] was introduced to Android and iOS in 2015.  ...  Finally, Intent URLs have little impact in mitigating hijacking risks due to a low adoption rate on the web.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of any funding agencies.  ... 
dblp:conf/uss/LiuWPYW17 fatcat:254jazsehrbgfeksrxgjgml6pa

Vetting undesirable behaviors in android apps with permission use analysis

Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning, X. Sean Wang, Binyu Zang
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Android platform adopts permissions to protect sensitive resources from untrusted apps.  ...  Thus, recent years have witnessed the explosion of undesirable behaviors in Android apps. An important part in the defense is the accurate analysis of Android apps.  ...  generated in the Viber server and thus cannot be hijacked by a man-in-the-middle attack.  ... 
doi:10.1145/2508859.2516689 dblp:conf/ccs/ZhangYXYGNWZ13 fatcat:u4zuvak3cbaahojf7snbz724re

A Security Sandbox Approach of Android Based on Hook Mechanism

Xin Jiang, Mingzhe Liu, Kun Yang, Yanhua Liu, Ruili Wang
2018 Security and Communication Networks  
This paper provides a new security sandbox approach of Android based on hook mechanism, to further enrich Android malware detection technologies.  ...  As the most widely applied mobile operating system for smartphones, Android is challenged by fast growing security problems, which are caused by malicious applications.  ...  The core engine aims to find target methods in virtual memory, load user-supplied DEX files, hijack the vtable, and set native hooks.  ... 
doi:10.1155/2018/9856537 fatcat:7gnd5mqaffht5kmcb4bl6zuqg4

Communication-based attacks detection in android applications

Chuan Ma, Tao Wang, Limin Shen, Dongkui Liang, Shuping Chen, Dianlong You
2019 Tsinghua Science and Technology  
To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications.  ...  The Android operating system provides a rich Inter-Component Communication (ICC) method that brings enormous convenience. However, the Android ICC also increases security risks.  ...  However, the Android ICC also presents security risks; for instance, component hijacking problems have been noted in the literature [2, 4] .  ... 
doi:10.26599/tst.2018.9010133 fatcat:qqltrodzpngthkioy2dxxgoon4

From Zygote to Morula: Fortifying Weakened ASLR on Android

Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee
2014 2014 IEEE Symposium on Security and Privacy  
In this paper, we analyze the Zygote process creation model, an Android operating system design for speeding up application launches.  ...  However, we identify that certain Android modifications are at odds with security and result in serious vulnerabilities that need to be addressed immediately.  ...  This material is based upon work supported in part by the National Science  ... 
doi:10.1109/sp.2014.34 dblp:conf/sp/LeeLWKL14 fatcat:marfpzjz6zdpzjlcpsfmuedjqi

Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities

Abner Mendoza, Guofei Gu
2018 2018 IEEE Symposium on Security and Privacy (SP)  
We detected problematic logic in APIs used in over 4,000 apps, including 1,743 apps that use unencrypted HTTP communication.  ...  In this paper, we present a novel approach for automatically analyzing mobile app-to-web API communication to detect inconsistencies in input validation logic between apps and their respective web API  ...  ACKNOWLEDGMENT This material is based upon work supported in part by the National Science Foundation (NSF) under Grant no. 1314823  ... 
doi:10.1109/sp.2018.00039 dblp:conf/sp/MendozaG18 fatcat:upjdfihbhvfvveuz3qdpsw2pfy

MR-Droid: A Scalable and Prioritized Analysis of Inter-App Communication Risks

Fang Liu, Haipeng Cai, Gang Wang, Danfeng Yao, Karim O. Elish, Barbara G. Ryder
2017 2017 IEEE Security and Privacy Workshops (SPW)  
In this paper, we present MR-Droid, a MapReduce-based computing framework for accurate and scalable inter-app ICC analysis in Android.  ...  Our analyses also reveal new real-world hijacking attacks and collusive app pairs. Based on our findings, we provide practical recommendations for reducing inter-app communication risks.  ...  [8] analyzed the inter-app vulnerabilities in Android. They pointed out that the message passing system involves various inter-app attacks including broadcast theft, activity hijacking, etc.  ... 
doi:10.1109/spw.2017.12 dblp:conf/sp/LiuCWYER17 fatcat:c66s5fh2jvac3pdyyt6l5rbnhy

Man-in-the-browser-cache: Persisting HTTPS attacks via browser cache poisoning

Yaoqi Jia, Yue Chen, Xinshu Dong, Prateek Saxena, Jian Mao, Zhenkai Liang
2015 Computers & security  
We find that browsers are highly inconsistent in their caching policies for loading resources over SSL connections with invalid certificates.  ...  cached resources with malicious ones.  ...  Acknowledgments This work was supported in part by the National Natural Science  ... 
doi:10.1016/j.cose.2015.07.004 fatcat:bkd36gu4ozgt3dbdm5qmtjykbe

Collaborative TCP sequence number inference attack

Zhiyun Qian, Z. Morley Mao, Yinglian Xie
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
In this study, we discover a new class of unknown side channels -"sequence-number-dependent" host packet counters -that exist in Linux/Android and BSD/Mac OS to enable TCP sequence number inference attacks  ...  It allows a piece of unprivileged on-device malware to collaborate with an off-path attacker to infer the TCP sequence numbers used between a client and a server, leading to TCP injection and hijacking  ...  We have implemented the attacks on both Android and Mac OS. We use Android as the example for description Injection vs. Hijacking.  ... 
doi:10.1145/2382196.2382258 dblp:conf/ccs/QianMX12 fatcat:wewabyvdbjcmfldb72qpaq3pa4

Android UI Deception Revisited: Attacks and Defenses [chapter]

Earlence Fernandes, Qi Alfred Chen, Justin Paupore, Georg Essl, J. Alex Halderman, Z. Morley Mao, Atul Prakash
2017 Lecture Notes in Computer Science  
Current versions of Android are susceptible to these attacks.  ...  Threat Model and Example UI Attacks Our threat model assumes that the Android OS is not compromised via root exploits. Malicious apps are assumed to be unprivileged, which is the norm on  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.  ... 
doi:10.1007/978-3-662-54970-4_3 fatcat:qp24pb4ikzfwhbfsmjpfzefmbm

Android inter-app communication threats and detection techniques

Shweta Bhandari, Wafa Ben Jaballah, Vineeta Jain, Vijay Laxmi, Akka Zemmari, Manoj Singh Gaur, Mohamed Mosbah, Mauro Conti
2017 Computers & security  
In this paper, we present Android vulnerabilities that may be exploited for a possible collusion attack.  ...  To the best of our knowledge this is the first survey on app collusion and state-of-the-art detection tools in Android.  ...  Activity Hijacking In an Activity hijacking attack, a malicious Activity is launched instead of the intended Activity.  ... 
doi:10.1016/j.cose.2017.07.002 fatcat:owzn5l7bvrcitix4mlfiabdhee
« Previous Showing results 1 — 15 out of 1,278 results