Corpus ID: 5712790

All Your Droid Are Belong to Us: A Survey of Current Android Attacks

@inproceedings{Vidas2011AllYD,
  title={All Your Droid Are Belong to Us: A Survey of Current Android Attacks},
  author={Timothy M. Vidas and Daniel Votipka and Nicolas Christin},
  booktitle={WOOT},
  year={2011}
}
In the past few years, mobile devices (smartphones, PDAs) have seen both their computational power and their data connectivity rise to a level nearly equivalent to that available on small desktop computers, while becoming ubiquitous. On the downside, these mobile devices are now an extremely attractive target for large-scale security attacks. Mobile device middleware is thus experiencing an increased focus on attempts to mitigate potential security compromises. In particular, Android… Expand
An Empirical Study of Android Security Bulletins in Different Vendors
TLDR
A comprehensive study of 3,171 Android-related vulnerabilities is performed and it is found that the studied vendors in the Android ecosystem have adopted different structures for vulnerability reporting, and vendors are less likely to react with delay for CVEs with Android Git repository references. Expand
Android Operating System Security Models: UNIX & Android
The market for smart phones has been booming in the past few years. There are now over 400,000 applications on the Android market. Over 10 billion Android applications have been downloaded from theExpand
Android open-source operating System for mobile devices.
TLDR
This paper introduces the extensible exploit execution framework which is capable of performing automated vulnerability tests of Android smart phones and incorporates currently known exploits, but can be easily extended to integrate future exploits. Expand
Android oS Security : riSkS And LimitAtionS A PrActicAL evALuAtion
The number of Android-based smartphones is growing rapidly. They are increasingly used for security-critical private and business applications, such as online banking or to access corporate networks.Expand
Android oS Security: riSkS And LimitAtionS
The number of Android-based smartphones is growing rapidly. They are increasingly used for security-critical private and business applications, such as online banking or to access corporate networks.Expand
Protecting data on android platform against privilege escalation attack
TLDR
A detection and prevention scheme that protects Android against privilege escalation attack that tries to get full access to all data and can detect and prevent new and unknown malware as well as currently known one. Expand
Network Security Challenges in Android Applications
TLDR
This paper evaluates the SSL implementation in a recent set of Android applications and presents some of the most common missuses, to raise awareness to current and new developers to actually consider security as one of their main goals during the development life cycle of applications. Expand
This is Just Metadata: From No Communication Content to User Profiling, Surveillance and Exploitation
TLDR
It is showcased that unprivileged apps, without actually using any permissions, can harvest a considerable amount of valuable user information in Android by monitoring and exploiting the file and folder metadata of the most well-known messaging apps in Android. Expand
StoreDroid: Sensor-based data protection framework for Android
TLDR
The StoreDroid framework addresses possible data violations that can occur in the current Android system by adding protection mechanisms in several layers, and on top of the regular Linux used in Android, the customized security-enhanced Linux ensures that the sensor-based application will keep the data isolated and secured. Expand
USB Connection Vulnerabilities on Android smartphones
TLDR
This work enumerates a series of vulnerabilities in the USB connection of Android, specially vulnerabilities related with the customization done by the Android manufacturers, and develops an application capable of mitigating the discovered vulnerabilities. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 68 REFERENCES
On lightweight mobile phone application certification
TLDR
The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware. Expand
Toward a general collection methodology for Android devices
TLDR
This paper details the composition of an Android bootable image and discusses the creation of such an image designed for forensic collection and related results of experiments carried out on several specific devices. Expand
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
TLDR
TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data and enabling realtime analysis by leveraging Android’s virtualized execution environment. Expand
Securing Android-Powered Mobile Devices Using SELinux
TLDR
Google's Android framework incorporates an operating system and software stack for mobile devices that includes Security-Enhanced Linux (SELinux), which can help reduce potential damage from a successful attack. Expand
Google Android: A Comprehensive Security Assessment
This research provides a security assessment of the Android framework-Google's software stack for mobile devices. The authors identify high-risk threats to the framework and suggest several securityExpand
A methodology for empirical analysis of permission-based security models and its application to android
TLDR
This work presents a methodology for the empirical analysis of permission-based security models which makes novel use of the Self-Organizing Map (SOM) algorithm of Kohonen (2001) and offers some discussion identifying potential points of improvement for the Android permission model. Expand
Curbing Android Permission Creep
The Android platform has about 130 application level permissions that govern access to resources. The determination of which permissions to request is left solely to the application developer. UsersExpand
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability presentExpand
Remote kill and install on google android. http://jon.oberheide.org/blog
  • Remote kill and install on google android. http://jon.oberheide.org/blog
  • 2010
Remote kill and install on google android. http://jon.oberheide.org/blog/ 2010/06/25/remote-kill-and-installon-google-android
  • 2010
...
1
2
3
4
5
...