Vulnerable Android: A Study on UI Inference A...

Vulnerable Android: A Study on UI Inference Attacks and Malware Attacks

Author Name : Arun Sharma, Harmeet Malhotra

ABSTRACT Smartphone industry has been booming with phenomenal growth with the discovery of new technologies. Over the past two years, the rapid growth in smartphones and tablets usage has led to inevitable rise in targeting these devices by the attackers. Although various security mechanisms are added in the consecutive versions of Android operating system, but attackers are still able to exploit them. The exponential growth of Android OS due to adoption by various manufacturers and largely unregulated android app market produce a sharp rise in security threats targeting that platform. In this paper, we discuss a new type of attack that directly breaks the GUI integrity of the operating system and breaches the UI state of any application. It does not require any special permission and can easily be implemented by the attacker. This type of attack is called UI state inference attack. We discuss its design and demonstrate this attack by successfully hijacking the UI State of a widely popular application. This paper also discusses about android malwares which usually run in the background and are not only used to steal sensitive information from the user but also able to avoid and counter detection methods. We analyze various android spywares and design summary which are available to anybody on the web. Nowadays, attackers have developed methods to counter detection methods by having full control over the system. Zero-day vulnerabilities are used to get the root access and manage the system by binding rootkits with the malicious applications. This paper discusses their consequences and suggests various mitigation strategies to avoid them.