A Novel Attack against Android Phones
نویسندگان
چکیده
In the first quarter of 2011, Android has become the top-selling operating system for smartphones. In this paper, we present a novel, highly critical attack that allows unprompted installation of arbitrary applications from the Android Market. Our attack is based on a single malicious application, which, in contrast to previously known attacks, does not require the user to grant it any permissions. 1 Responsible Disclosure We reported this vulnerability to Google on June 20, 2011. In order to give them time to fix the issue, we removed the main content of this paper and generalized title and abstract. This document merely serves as a timestamp of discovery. 2 Hash The SHA-512 hash of the full report as sent to Google is given below: 051426b1794e363544893b7123ba3d15c5d878a9ff736162b85479d063a 86940fe2d6280774fd98989cce8b1628d5d9428d0691ee4ffcc2c07da82 31ca79af5d
منابع مشابه
Detection and prevention of LeNa Malware on Android
Smartphones contain security-sensitive information of a user such as contacts, SMS, photos, and GPS information. Because smartphones are always turned on and ready to connect to the Internet, that sensitive information is in danger of leakage. Various kinds of malware are more and more attacking smartphones, especially Android phones. We propose a scheme that protects Android phones against one...
متن کاملA Review on Android Authentication System Vulnerabilities
Mobile security has become a crucial aspect of mobile computing. People are maintaining their confidential and valuable information on smart phones. Most of the users and businesses use smart phones as message tools, and means of scheduling and establishing their work and private life. Smart phones contain increasing amount of exposed information to which access must be prohibited. But security...
متن کاملActivity Modeling and Threat Taxonomy for Context Aware Proactive System (CAPS) in Smart phones
Mobile technology and Internet is becoming an integral part of our daily life. Widespread usage of smart phones and its greater in-built functionality have provided portability to perform transaction like shopping, ticket booking and banking transactions on the fly. In mobile computing, the characteristic like context awareness allows to provide proactively adapted services to user according to...
متن کاملForensic Recovery of Scrambled Telephones
At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks. On the downside, scrambled telephones are a a nightmare for IT forens...
متن کاملDon't Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards
We present a new side-channel attack against soft keyboards that support gesture typing on Android smartphones. An application without any special permissions can observe the number and timing of the screen hardware interrupts and system-wide software interrupts generated during user input, and analyze this information to make inferences about the text being entered by the user. System-wide inf...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1106.4184 شماره
صفحات -
تاریخ انتشار 2011