Account forgery and privilege escalation attacks on android home cloud devices

Abstract

A smart device supported by the Android platform, because of structural weaknesses, is vulnerable to the risk of repackaging. Attackers attempt to access personal information or important data of users through repackaging. Android supported home cloud devices are no exception. Not only are these devices vulnerable to repackaging due to running on the Android system but, like other smart devices, they are susceptible to having important data compromised. Because home cloud devices, in particular, use the cloud service to store personal information, an encroachment of that data may lead to a leaking of the user’s documents, photos, personal videos, etc. The problem arises when the attacker is authenticated as the valid home cloud device user and thus taps into the stored data within the device, giving support to the claim that the authentication process for authorizing privilege is the most important section from a security standpoint. Consequently, this paper analyzes an actual home cloud server supported by Android, reports the results of an attack simulation on the weaknesses in the authentication process, and proposes countermeasures to resolve relevant weaknesses in the process. © 2015 American Scientific Publishers. All rights reserved.