Towards discovering and understanding task hijacking in android

Proceedings of the 24th USENIX Security Symposium

Volumn , Issue , 2015, Pages 945-959

  Ren, Chuangang ^a   Zhang, Yulong ^b   Xue, Hui ^b   Wei, Tao ^b   Liu, Peng ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

^b Cyber Physical Threat Intelligence Senior Analyst FireEye

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); DENIAL-OF-SERVICE ATTACK; MALWARE; MULTITASKING; RISK ASSESSMENT;

ANDROID MARKETS; DENIAL OF SERVICE; MITIGATION TECHNIQUES; PERSONALIZATIONS; PROOF OF CONCEPT; SECURITY IMPLICATIONS; SYSTEMATIC STUDY; USER EXPERIENCE;

MOBILE SECURITY;

EID: 85030791452     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (41)

1. Task and Back Stack. http://developer.android.com/guide/components/tasks-and-back-stack. html.
2. App Manifest. http://developer.android.com/guide/topics/manifest/activity- element. html.
3. AKHAWE, D., HE, W., LI, Z., MOAZZEZI, R., AND SONG, D. Clickjacking Revisited: A Perceptual View of UI Security. In Proceedings of the USENIX Workshop on Offensive Technologies (WOOT) (2014).
4. Android Activity. http://developer.android.com/reference/android/app/Activity.html.
5. Simplocker: First Confirmed File-Encrypting Ransomware for Android, 2014. http://www.symantec.com/connect/blogs/simplocker-first-confirmed.
6. ARP, D., SPREITZENBARTH, M., HUBNER, M., GASCON, H., AND RIECK, K. Drebin: Effective and Explainable Detection of Android Malware in Your Pocket. In Proceedings of Network and Distributed System Security Symposium (NDSS) (2014).
7. CHEN, E., PEI, Y., CHEN, S., TIAN, Y., KOTCHER, R., AND TAGUE, P. OAuth Demystified for Mobile Application Developers. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2014).
8. CHEN, Q. A., QIAN, Z., AND MAO, Z. M. Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks. In Proceedings of the USENIX Security Symposium (2014).
9. CHEN, S., MESEGUER, J., SASSE, R., WANG, H., AND WANG, Y. A Systematic Approach to Uncover Security FLaws in GUI Logic. In Proceedings of IEEE Symposium on Security and Privacy (S&P) (2007).
10. CHIN, E., FELT, A. P., GREENWOOD, K., AND WAGNER, D. Analyzing Inter-Application Communication in Android. In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys) (2011).
11. ENCK, W., GILBERT, P., CHUN, B., COX, L. P., JUNG, J., MCDANIEL, P., AND SHETH, A. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI) (2010).
12. FELT, A. P., CHIN, E., HANNA, S., SONG, D., AND WAGNER, D. Android Permissions Demystified. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2011).
13. FELT, A. P., WANG, H. J., MOSHCHUK, A., HANNA, S., AND CHIN, E. Permission Re-delegation: Attacks and Defenses. In Proceedings of the USENIX Security Symposium (2011).
14. FESKE, N., AND HELMUTH, C. A Nitpickers Guide to a Minimal-complexity Secure GUI. In Proceedings of Annual Computer Security Applications Conference (ACSAC) (2005).
15. GRACE, M., ZHOU, Y., WANG, Z., AND JIANG, X. Systematic Detection of Capability Leaks in Stock Android Smartphones. In Proceedings of Network and Distributed System Security Symposium (NDSS) (2012).
16. GRACE, M., ZHOU, Y., ZHANG, Q., ZOU, S., AND JIANG, X. RiskRanker: Scalable and Accurate Zero-day Android Malware Detection. In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys) (2012).
17. HUANG, L., MOSHCHUK, A., WANG, H. J., SCHECHTER, S., AND JACKSON, C. Clickjacking: Attacks and Defenses. In Proceedings of the USENIX Security Symposium (2012).
18. JIN, X., HU, X., YING, K., DU, W., AND YIN, H. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2014).
19. K. W. Y. AU AND Y. ZHOU AND Z. HUANG AND D. LIE. PScout: Analyzing the Android Permission Specification. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2012).
20. KANTOLA, D., CHIN, E., HE, W., AND WAGNER, D. Reducing attack surfaces for intra-application communication in android. In Proceedings of the ACM workshop on Security and privacy in smartphones and mobile devices (SPSM) (2012).
21. LI, T., ZHOU, X., XING, L., LEE, Y., NAVEED, M., WANG, X., AND HAN, X. Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2014).
22. LIN, C., LI, H., ZHOU, X., AND WANG, X. Screenmilker: How to Milk Your Android Screen for Secrets. In Proceedings of Network and Distributed System Security Symposium (NDSS) (2014).
23. LU, L., LI, Z., WU, Z., LEE, W., AND JIANG, G. CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2012).
24. LUO, T., HAO, H., DU, W., WANG, Y., AND YIN, H. Attacks on WebView in the Android System. In Proceedings of Annual Computer Security Applications Conference (2011).
25. MILUZZO, E., VARSHAVSKY, A., AND BALAKRISHNAN, S. TapPrints: Your Finger Taps Have Fingerprints. In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys) (2012).
26. PENG, H., GATES, C., SARMA, B., LI, N., QI, Y., POTHARAJU, R., NITA-ROTARU, C., AND MILLOY, I. Using Probabilistic Generative Models for Ranking Risks of Android Apps. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2012).
27. POEPLAU, S., FRATANTONIO, Y., BIANCHI, A., KRUEGEL, C., AND VIGNA, G. Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications. In Proceedings of Network and Distributed System Security Symposium (NDSS) (2014).
28. ROESNER, F., AND KOHNO, T. Securing Embedded User Interfaces: Android and Beyond. In Proceedings of the USENIX Security Symposium (2013).
29. SHAPIRO, J., VANDERBURGH, J., NORTHUP, E., AND CHIZMADIA, D. Design of the EROS Trusted Window System. In Proceedings of the USENIX Security Symposium (2004).
30. SOUNTHIRARAJ, D., SAHS, J., GREENWOOD, G., LIN, Z., AND KHAN, L. SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps. In Proceedings of Network and Distributed System Security Symposium (NDSS) (2014).
31. Android and Security, 2012. http://googlemobile.blogspot.com/2012/02/android- and- security. html.
32. WEI, F., ROY, S., OU, X., AND ROBBY. Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2014).
33. WU, L., GRACE, M., ZHOU, Y., WU, C., AND JIANG, X. The Impact of Vendor Customizations on Android Security. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2013).
34. XU, Z., BAI, K., AND ZHU, S. TapLogger: Inferring User Inputs on Smartphone Touchscreens Using On-board Motion Sensors. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Netowrks (WiSec) (2012).
35. YANG, W., XIAO, X., ANDOW, B., LI, S., XIE, T., AND ENCK, W. AppContext: Differentiating Malicious and Benign Mobile App Behavior under Contexts. In Proceedings of International Conference on Software Engineering (ICSE) (2015).
36. YANG, Z., YANG, M., ZHANG, Y., GU, G., NING, P., AND WANG, X. S. AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection. In Proc. CCS13.
37. ZHANG, M., DUAN, Y., YIN, H., AND ZHAO, Z. Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs. In Proc. CCS14.
38. ZHOU, X., DEMETRIOU, S., HE, D., NAVEED, M., PAN, X., WANG, X., GUNTER, C., AND NAHRSTEDT, K. Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (2013).
39. ZHOU, Y., AND JIANG, X. Dissecting Android Malware: Characterization and Evolution. In Proceedings of IEEE Symposium on Security and Privacy (S&P) (2012).
40. ZHOU, Y., AND JIANG, X. Detecting Passive Content Leaks and Pollution in Android Applications. In Proceedings of Network and Distributed System Security Symposium (NDSS) (2013).
41. ZHOU, Y., WANG, Z., ZHOU, W., AND JIANG, X. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of Network and Distributed System Security Symposium (NDSS) (2012).