TY - GEN
T1 - How your phone camera can be used to stealthily spy on you
T2 - 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
AU - Zhang, Zhongwen
AU - Liu, Peng
AU - Xiang, Ji
AU - Jing, Jiwu
AU - Lei, Lingguang
N1 - Publisher Copyright:
Copyright © 2015 ACM.
PY - 2015/3/2
Y1 - 2015/3/2
N2 - Based on the observations that spy-on-user attacks by calling Android APIs will be detected out by Android API auditing, we studied the possibility of a "transplantation attack", through which a malicious app can take privacy-harming pictures to spy on users without the Android API auditing being aware of it. Usually, to take a picture, apps need to call APIs of Android Camera Service which runs in mediaserver process. Transplantation attack is to transplant the picture taking code from mediaserver process to a malicious app process, and the malicious app can call this code to take a picture in its own address space without any IPC. As a result, the API auditing can be evaded. Our experiments confirm that transplantation attack indeed exists. Also, the transplantation attack makes the spy-on-user attack much more stealthy. The evaluation result shows that nearly a half of 69 smartphones (manufactured by 8 vendors) tested let the transplantation attack discovered by us succeed. Moreover, the attack can evade 7 Antivirus detectors, and Android Device Administration which is a set of APIs that can be used to carry out mobile device management in enterprise environments. The transplantation attack inspires us to uncover a subtle design/implementation deficiency of the Android security.
AB - Based on the observations that spy-on-user attacks by calling Android APIs will be detected out by Android API auditing, we studied the possibility of a "transplantation attack", through which a malicious app can take privacy-harming pictures to spy on users without the Android API auditing being aware of it. Usually, to take a picture, apps need to call APIs of Android Camera Service which runs in mediaserver process. Transplantation attack is to transplant the picture taking code from mediaserver process to a malicious app process, and the malicious app can call this code to take a picture in its own address space without any IPC. As a result, the API auditing can be evaded. Our experiments confirm that transplantation attack indeed exists. Also, the transplantation attack makes the spy-on-user attack much more stealthy. The evaluation result shows that nearly a half of 69 smartphones (manufactured by 8 vendors) tested let the transplantation attack discovered by us succeed. Moreover, the attack can evade 7 Antivirus detectors, and Android Device Administration which is a set of APIs that can be used to carry out mobile device management in enterprise environments. The transplantation attack inspires us to uncover a subtle design/implementation deficiency of the Android security.
UR - http://www.scopus.com/inward/record.url?scp=84928170681&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84928170681&partnerID=8YFLogxK
U2 - 10.1145/2699026.2699103
DO - 10.1145/2699026.2699103
M3 - Conference contribution
AN - SCOPUS:84928170681
T3 - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
SP - 99
EP - 110
BT - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery
Y2 - 2 March 2015 through 4 March 2015
ER -