Mobile Root Exploit Detection based on System Events Extracted from Android Platform

Recently, the number of attacks by malicious application has significantly increased, targeting Android-platform mobile terminal such as Samsung Galaxy Note I/II and Galaxy Tab 10.1, etc. The malicious application can be distributed and installed on user’s mobile devices through open market after masquerading as a common normal application. An attacker inserts malicious code into an application, which might threaten privacy by root exploit. Once the root exploit attack is successful, malicious code can collect and steal private data stored in mobile terminal, for example, SMS messages, contacts list and public key certificate for banking. To protect the private information from the malicious exploit attack, several response mechanisms such as malicious code detection, rooting attack detection and countermeasure method are required. To meet this end, this paper investigates mobile root exploits for Android based mobile devices. Based on that, this paper proposes countermeasure system that enables to extract and collect events related to root exploit attacks occurring from mobile terminal, which contributes to active protection from malicious mobile attacks. KeywordsSmart Mobile Device, Root Exploits, Detection, Malicious Application, Kernel Event, Android Platform