Revealing Android 3PLs-based attacks

Amina Waddiz

Supervised by: Prof. Jong Kim

Mentored by: Beumjin Cho

August 27th, 2015


Summary

1. Introduction

2. Motivation, Goals and Contribution

3. 3PLs Classification and usage

4. 3PLs-based attacks

5. Conclusion

Introduction

Android Security Model

DAC/MAC

MAC: Permission-based

3PLs + App:

Same process

Same permissions

Android: Attack surface

Current state: Ad Libs

Other libs?

Motivation & Goals

Motivation:

→ Protect the User privacy

→ Defend the System safety

Goals:

→ Generalize 3PLs usage

→ Identify 3PLs-based attacks

Background

Android app and permissions

[Diagram: Android System, External Server, 3PLs, App]

Contribution

- Classification

- Usage

- 3PLs-based attacks

[Diagram: Android System, External Server, 3PLs, App]

Contribution (1)

- Classification

- Usage

- 3PLs-based attacks

Overview of existing 3PLs

1. Build.gradle

2. Activity.xml

3. AndroidManifest

4. Calls in Java classes

3PLs typical usage

[Diagram: Android System, External Server, 3PLs, App]

Contribution (2)

- Classification

- Usage

- 3PLs-based attacks

Attack Example: Steal sensitive data

| Classification | Category | Description | Examples |
|---|---|---|---|
| Functional | Privacy | User’s sensitive data | Contacts; Location; Phone identity |
| Functional | Financial Damage | Make revenue | Premium SMS/Calls; Online Banking Frauds |
| Functional | Device Usability | Damage device utilities | Drain Battery; Lock the screen |
| Agent-based | Memory | Access memory stack and heap | Bus Monitoring attack |
| Agent-based | Network | GSM networks (Local stations not device) | Attach Flood (Denial of service) |

Overview of 3PLs-based attacks

Conclusion

● An analysis and classification for Android 3PLs and their threat:

○ Collected, studied and classified the most used 3PLs in Android apps

○ Unveiled 3PLs-based threats attacking some Android components

● Necessity of a novel approach to tackle 3PLs-based malware:

○ Build an efficient tool to ISOLATE 3PLs from the host application