Why Software DoS Is Hard to Fix: Denying Access in Embedded Android Platforms
Authors
Abstract
A new class of software Denial of Service (DoS) attacks against Android platforms was recently discovered, where the attacks can force the victim device to become unresponsive, target and terminate other applications on the device, and continuously soft reboot the device [26]. After Google was informed of these DoS attacks, their attempt to resolve the problem did not adequately address the fundamental underlying attack principles. In this paper, we show that engineering software DoS defenses is challenging, especially for embedded and resource-constrained devices. To support our findings, we detail a revised DoS attack strategy for the latest version of Android. For our experimental evaluation, we demonstrate that the new class of DoS attacks is even more damaging to embedded Android devices. As part of our proof-of-concept attacks, we were able to render the Sony Bravia XBR-43X830C Android TV and the Amazon Fire TV Stick 1st generation devices permanently unusable. In addition, other devices, including the Moto 360 1st generation smartwatch, required flashing firmware images, whereas the Nvidia Shield Android TV and the Amazon Fire 7″ Tablet required a factory reset to recover. Our attack is applicable to most Android devices and requires manual intervention to attempt to recover the device. The proposed attack strategy is more debilitating to devices that do not provide means for the end-user to easily access safe mode, recovery mode, or the ability to flash firmware images. To mitigate the attack, we created an open-source defense application that has a 100% prevention rate after a single soft reboot of the device while incurring less than 1.6% performance overhead.
Similar resources
Powering the Internet of Things with RIOT: Why? How? What is RIOT?
The crucial importance of software platforms was highlighted by recent events both at the political level (e.g. renewed calls for digital data and operating system "sovereignty", following E. Snowden's revelations) and at the business level (e.g. Android generated a new industry worth tens of billions of euros yearly). In the IoT, which is expected to generate business at very large scale, w...
Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks
Hybrid mobile applications (apps) combine the features of Web applications and "native" mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources (file system, location, camera, contacts, etc.). Hybrid apps are typically developed using hybrid application fram...
Towards on embedded agent model for Android mobiles
This paper presents a new agent model "specially" designed for the new Android Google SDK, where the Android mobile phone can be considered as a software agent. This agent model has an approach more practical than theoretical because it uses abstractions which make possible its implementation on different systems. The appearance of Android as an open system based on Linux has created new exp...
An OSGi-based Service Oriented Architecture for Android Software Development Platforms
During the past few years, service oriented approaches have appeared as a new research paradigm providing better control, re-usability, and reliability for software developments. With the growing complexity of embedded systems, new methodologies are needed to facilitate design, implementation, and maintenance of such systems, while providing means to capitalize software developments. A...
Improving the Boot Time of the Android OS
Increasing application requirements in embedded systems demand additional software initialization and configuration during startup, which adversely affects system boot time. The demand for fast startup is motivated by embedded systems, not only for consumer electronics such as digital TV and mobile phones but also for devices in automotive, medical and other applications. This paper presents no...