Privilege Escalation Attacks on Android
نویسندگان
چکیده
Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application’s sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android’s security model cannot deal with a transitive permission usage attack and Android’s sandbox model fails as a last resort against malware and sophisticated runtime attacks.
منابع مشابه
SymDroid: A Symbolic Executor to Identify Activity Permission in Android Application
Mobile development is expanding widely over the past few years. Amongst the top operating platforms for Smartphones, Google Android platform has been discovered with known privilege escalation attacks. Many of the known privilege escalation attacks are related to the permission system used by the Android platform. This paper will introduce SymDroid, a tool using symbolic execution to explore pe...
متن کاملA taxonomy of privilege escalation attacks in Android applications
Google’s Android is one of the most popular mobile operating system platforms today, being deployed on a wide range of mobile devices from various manufacturers. It is termed as a privilegeseparated operating system which implements some novel security mechanisms. Recent research and security attacks on the platform, however, have shown that the security model of Android is flawed and is vulner...
متن کاملDroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android
Smart mobile devices process and store a vast amount of securityand privacy sensitive data. To protect this data from malicious applications mobile operating systems, such as Android, adopt finegrained access control architectures. However, related work has shown that these access control architectures are susceptible to applicationlayer privilege escalation attacks. Both automated static and d...
متن کاملRGBDroid: A Novel Response-Based Approach to Android Privilege Escalation Attacks
Recent malware often collects sensitive information from third-party applications with an illegally escalated privilege to the system level (the highest level) on the Android platform. An attack to obtain root-level privilege in an Android environment can pose a serious threat to users because it breaks down the whole security system. RGBDroid (Rooting Good-Bye on Droid) is an extension to the ...
متن کاملStudy of Privilege Escalation Attack on Android and Its Countermeasures
Android is most commonly used platform for smartphones today which boasts of an advanced security model having MAC and sandboxing. These features allow developers and users to restrict the execution of an application to the privileges assigned. The exploitation of vulnerabilities of the program is confined within the privilege boundaries of an applications sandbox. Privilege escalation attacks ...
متن کاملAn Android Security Extension to Protect Personal Information against Illegal Accesses and Privilege Escalation Attacks
Recently, it is widespread for malware to collect sensitive information owned by third-party applications as well as to escalate its privilege to the system level (the highest level) on the Android platform. An attack of obtaining root-level privilege in an Android environment can form a serious threat to users from the viewpoint of breaking down the whole security system. This paper proposes a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010