Conference: IEEE Symposium on Security and Privacy

Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating


Abstract

Android is a fast evolving system, with new updates coming out one after another. These updates often completely overhaul a running system, replacing and adding tens of thousands of files across Android's complex architecture, in the presence of critical user data and applications (apps for short). To avoid accidental damages to such data and existing apps, the upgrade process involves complicated program logic, whose security implications, however, are less known. In this paper, we report the first systematic study on the Android updating mechanism, focusing on its Package Management Service (PMS). Our research brought to light a new type of security-critical vulnerabilities, called Pileup flaws, through which a malicious app can strategically declare a set of privileges and attributes on a low-version operating system (OS) and wait until it is upgraded to escalate its privileges on the new system. Specifically, we found that by exploiting the Pileup vulnerabilities, the app can not only acquire a set of newly added system and signature permissions but also determine their settings (e.g., protection levels), and it can further substitute for new system apps, contaminate their data (e.g., cache, cookies of Android default browser) to steal sensitive user information or change security configurations, and prevent installation of critical system services. We systematically analyzed the source code of PMS using a program verification tool and confirmed the presence of those security flaws on all Android official versions and over 3000 customized versions. Our research also identified hundreds of exploit opportunities the adversary can leverage over thousands of devices across different device manufacturers, carriers and countries. 
To mitigate this threat without endangering user data and apps during an upgrade, we also developed a new detection service, called SecUP, which deploys a scanner on the user's device to capture the malicious apps designed to exploit Pileup vulnerabilities, based upon the vulnerability-related information automatically collected from newly released Android OS images.
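
The pre-upgrade check described above can be sketched as follows. This is an added illustration, not the authors' SecUP implementation: it compares installed apps' manifest declarations against permissions and system packages that exist only in the new OS image. The `scan` helper, the finding labels, the flagging heuristics and all permission and package names are constructed assumptions.

```python
# Added illustration: helper names, heuristics and all sample data are constructed.
from dataclasses import dataclass, field

PRIVILEGED = {"signature", "signatureOrSystem"}  # Android protection levels

@dataclass
class App:
    package: str
    defines: dict = field(default_factory=dict)  # <permission> name -> protectionLevel
    requests: set = field(default_factory=set)   # <uses-permission> names

def scan(apps, current_perms, new_perms, current_pkgs, new_pkgs):
    """Flag third-party apps whose manifests anticipate the new OS image.

    *_perms map permission name -> protection level as defined by the running
    OS and by the new image; *_pkgs are sets of system package names.
    """
    added_perms = {p: lvl for p, lvl in new_perms.items() if p not in current_perms}
    added_pkgs = new_pkgs - current_pkgs
    findings = []
    for app in apps:
        # App defines a permission that only the new image is supposed to define.
        for name, level in sorted(app.defines.items()):
            if name in added_perms:
                findings.append((app.package, "defines-future-permission", name,
                                 f"app={level} image={added_perms[name]}"))
        # App requests a privileged permission that does not exist on this OS yet.
        for name in sorted(app.requests & added_perms.keys()):
            if added_perms[name] in PRIVILEGED and name not in app.defines:
                findings.append((app.package, "requests-future-privileged", name,
                                 f"image={added_perms[name]}"))
        # App occupies the package name of a system app added by the new image.
        if app.package in added_pkgs:
            findings.append((app.package, "squats-future-system-package", app.package, ""))
    return findings

# Constructed inventory: running OS, new OS image, and installed third-party apps.
CURRENT_PERMS = {"example.permission.EXISTING": "normal"}
NEW_PERMS = {**CURRENT_PERMS, "example.permission.NEW_SIGNATURE": "signature",
             "example.permission.NEW_NORMAL": "normal"}
CURRENT_PKGS = {"com.example.sys.settings"}
NEW_PKGS = CURRENT_PKGS | {"com.example.sys.newservice"}
APPS = [
    App("com.example.flashlight", {"example.permission.NEW_SIGNATURE": "normal"},
        {"example.permission.NEW_SIGNATURE"}),
    App("com.example.notes", requests={"example.permission.NEW_SIGNATURE"}),
    App("com.example.sys.newservice"),
    App("com.example.weather", requests={"example.permission.NEW_NORMAL"}),
]

if __name__ == "__main__":
    for finding in scan(APPS, CURRENT_PERMS, NEW_PERMS, CURRENT_PKGS, NEW_PKGS):
        print(finding)
```

Running the scan before the upgrade is applied is what makes the findings actionable, since the flagged declarations are harmless on the old OS and only take effect on the new one.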
