Call me back! Attacks on system server and system apps in Android through synchronous callback

Kai Wang, Yuqing Zhang, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

19 Scopus citations

Abstract

Android is the most commonly used mobile device operation system. The core of Android, the System Server (SS), is a multi-threaded process that provides most of the system services. Based on a new understanding of the security risks introduced by the callback mechanism in system services, we have discovered a general type of design flaw. A vulnerability detection tool has been designed and implemented based on static taint analysis.We applied the tool on all the 80 system services in the SS of Android 5.1.0. With its help, we have discovered six previously unknown vulnerabilities, which are further confirmed on Android 2.3.7-6.0.1. According to our analysis, about 97.3% of the entire 1.4 billion realworld Android devices are vulnerable. Our proof-of-concept attack proves that the vulnerabilities can enable a malicious app to freeze critical system functionalities or soft-reboot the system immediately. It is a neat type of denial-of-service attack. We also proved that the attacks can be conducted at mission critical moments to achieve meaningful goals, such as anti anti-virus, anti process-killer, hindering app updates or system patching. After being informed, Google confirmed our findings promptly. Several suggestions on how to use callbacks safely are also proposed to Google.

Original languageEnglish (US)
Title of host publicationCCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages92-103
Number of pages12
ISBN (Electronic)9781450341394
DOIs
StatePublished - Oct 24 2016
Event23rd ACM Conference on Computer and Communications Security, CCS 2016 - Vienna, Austria
Duration: Oct 24 2016Oct 28 2016

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
Volume24-28-October-2016
ISSN (Print)1543-7221

Other

Other23rd ACM Conference on Computer and Communications Security, CCS 2016
Country/TerritoryAustria
CityVienna
Period10/24/1610/28/16

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Call me back! Attacks on system server and system apps in Android through synchronous callback'. Together they form a unique fingerprint.

Cite this