The peril of fragmentation: Security hazards in android device driver customizations
DC Field | Value | Language |
---|---|---|
dc.contributor.author | 이연준 | - |
dc.contributor.author | Zhou, Xiaoyong | - |
dc.contributor.author | Zhang, Nan | - |
dc.contributor.author | Naveed, Muhammad | - |
dc.contributor.author | Wang, Xiaofeng | - |
dc.date.accessioned | 2021-06-22T23:23:56Z | - |
dc.date.available | 2021-06-22T23:23:56Z | - |
dc.date.created | 2021-02-18 | - |
dc.date.issued | 2014-05 | - |
dc.identifier.issn | 1081-6011 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/22864 | - |
dc.description.abstract | Android phone manufacturers are under the perpetual pressure to move quickly on their new models, continuously customizing Android to fit their hardware. However, the security implications of this practice are less known, particularly when it comes to the changes made to Android's Linux device drivers, e.g., those for camera, GPS, NFC etc. In this paper, we report the first study aimed at a better understanding of the security risks in this customization process. Our study is based on ADDICTED, a new tool we built for automatically detecting some types of flaws in customized driver protection. Specifically, on a customized phone, ADDICTED performs dynamic analysis to correlate the operations on a security-sensitive device to its related Linux files, and then determines whether those files are under-protected on the Linux layer by comparing them with their counterparts on an official Android OS. In this way, we can detect a set of likely security flaws on the phone. Using the tool, we analyzed three popular phones from Samsung, identified their likely flaws and built end-to-end attacks that allow an unprivileged app to take pictures and screenshots, and even log the keys the user enters through touch screen. Some of those flaws are found to exist on over a hundred phone models and affect millions of users. We reported the flaws and helped the manufacturers fix those problems. We further studied the security settings of device files on 2423 factory images from major phone manufacturers, discovered over 1,000 vulnerable images and also gained insights about how they are distributed across different Android versions, carriers and countries. | - |
dc.language | 영어 | - |
dc.language.iso | en | - |
dc.publisher | IEEE | - |
dc.title | The peril of fragmentation: Security hazards in android device driver customizations | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | 이연준 | - |
dc.identifier.doi | 10.1109/SP.2014.33 | - |
dc.identifier.scopusid | 2-s2.0-84914115732 | - |
dc.identifier.bibliographicCitation | S&P - IEEE Symposium on Security and Privacy, pp.409 - 423 | - |
dc.relation.isPartOf | S&P - IEEE Symposium on Security and Privacy | - |
dc.citation.title | S&P - IEEE Symposium on Security and Privacy | - |
dc.citation.startPage | 409 | - |
dc.citation.endPage | 423 | - |
dc.type.rims | ART | - |
dc.description.journalClass | 3 | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | other | - |
dc.subject.keywordPlus | Android (operating system) | - |
dc.subject.keywordPlus | Data privacy | - |
dc.subject.keywordPlus | Manufacture | - |
dc.subject.keywordPlus | Telephone sets | - |
dc.subject.keywordPlus | Touch screens | - |
dc.subject.keywordAuthor | Android Security | - |
dc.subject.keywordAuthor | Privacy | - |
dc.identifier.url | https://ieeexplore.ieee.org/document/6956578?arnumber=6956578&SID=EBSCO:edseee | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
55 Hanyangdeahak-ro, Sangnok-gu, Ansan, Gyeonggi-do, 15588, Korea+82-31-400-4269 sweetbrain@hanyang.ac.kr
COPYRIGHT © 2021 HANYANG UNIVERSITY. ALL RIGHTS RESERVED.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.