Exploiting android system services through bypassing service helpers

Bibliographic Details
Main Authors: GU, Yachong, CHENG, Yao, YING, Lingyun, LU, Yemian, LI, Qi, SU, Purui
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2017
Online Access: https://ink.library.smu.edu.sg/sis_research/3809
https://ink.library.smu.edu.sg/context/sis_research/article/4811/viewcontent/101007_978_3_319_59608_2_3.pdf
Institution: Singapore Management University
Description
Summary: Android allows applications to communicate with system service via system service helper so that applications can use various functions wrapped in the system services. Meanwhile, system services leverage the service helpers to enforce security mechanisms, e.g. input parameter validation, to protect themselves against attacks. However, service helpers can be easily bypassed, which poses severe security and privacy threats to system services, e.g., privilege escalation, function execution without users’ interactions, system service crash, and DoS attacks. In this paper, we perform the first systematic study on such vulnerabilities and investigate their impacts. We develop a tool to analyze all system services in the newly released Android system. Among the 104 system services and over 3,400 system service methods in the system, we discover 22 vulnerable service interfaces that can be exploited to launch real-world attacks. Furthermore, we implement and construct attacks to demonstrate the impacts of these vulnerabilities. In particular, by utilizing these vulnerabilities, these attacks result in implicit user fingerprint authentication in background, NFC data retrieval in background, Bluetooth service crash, and Android system crash.