Exploiting android system services through bypassing service helpers
Android allows applications to communicate with system service via system service helper so that applications can use various functions wrapped in the system services. Meanwhile, system services leverage the service helpers to enforce security mechanisms, e.g. input parameter validation, to protect...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3809 https://ink.library.smu.edu.sg/context/sis_research/article/4811/viewcontent/101007_978_3_319_59608_2_3.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-4811 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-48112017-11-18T08:38:32Z Exploiting android system services through bypassing service helpers GU, Yachong CHENG, Yao YING, Lingyun LU, Yemian LI, Qi SU, Purui Android allows applications to communicate with system service via system service helper so that applications can use various functions wrapped in the system services. Meanwhile, system services leverage the service helpers to enforce security mechanisms, e.g. input parameter validation, to protect themselves against attacks. However, service helpers can be easily bypassed, which poses severe security and privacy threats to system services, e.g., privilege escalation, function execution without users’ interactions, system service crash, and DoS attacks. In this paper, we perform the first systematic study on such vulnerabilities and investigate their impacts. We develop a tool to analyze all system services in the newly released Android system. Among the 104 system services and over 3,400 system service methods in the system, we discover 22 vulnerable service interfaces that can be exploited to launch real-world attacks. Furthermore, we implement and construct attacks to demonstrate the impacts of these vulnerabilities. In particular, by utilizing these vulnerabilities, these attacks result in implicit user fingerprint authentication in background, NFC data retrieval in background, Bluetooth service crash, and Android system crash. 2017-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3809 info:doi/10.1007/978-3-319-59608-2_3 https://ink.library.smu.edu.sg/context/sis_research/article/4811/viewcontent/101007_978_3_319_59608_2_3.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android Service helpers System services Vulnerabilities Databases and Information Systems Software Engineering Systems Architecture |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Android Service helpers System services Vulnerabilities Databases and Information Systems Software Engineering Systems Architecture |
| spellingShingle |
Android Service helpers System services Vulnerabilities Databases and Information Systems Software Engineering Systems Architecture GU, Yachong CHENG, Yao YING, Lingyun LU, Yemian LI, Qi SU, Purui Exploiting android system services through bypassing service helpers |
| description |
Android allows applications to communicate with system service via system service helper so that applications can use various functions wrapped in the system services. Meanwhile, system services leverage the service helpers to enforce security mechanisms, e.g. input parameter validation, to protect themselves against attacks. However, service helpers can be easily bypassed, which poses severe security and privacy threats to system services, e.g., privilege escalation, function execution without users’ interactions, system service crash, and DoS attacks. In this paper, we perform the first systematic study on such vulnerabilities and investigate their impacts. We develop a tool to analyze all system services in the newly released Android system. Among the 104 system services and over 3,400 system service methods in the system, we discover 22 vulnerable service interfaces that can be exploited to launch real-world attacks. Furthermore, we implement and construct attacks to demonstrate the impacts of these vulnerabilities. In particular, by utilizing these vulnerabilities, these attacks result in implicit user fingerprint authentication in background, NFC data retrieval in background, Bluetooth service crash, and Android system crash. |
| format |
text |
| author |
GU, Yachong CHENG, Yao YING, Lingyun LU, Yemian LI, Qi SU, Purui |
| author_facet |
GU, Yachong CHENG, Yao YING, Lingyun LU, Yemian LI, Qi SU, Purui |
| author_sort |
GU, Yachong |
| title |
Exploiting android system services through bypassing service helpers |
| title_short |
Exploiting android system services through bypassing service helpers |
| title_full |
Exploiting android system services through bypassing service helpers |
| title_fullStr |
Exploiting android system services through bypassing service helpers |
| title_full_unstemmed |
Exploiting android system services through bypassing service helpers |
| title_sort |
exploiting android system services through bypassing service helpers |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2017 |
| url |
https://ink.library.smu.edu.sg/sis_research/3809 https://ink.library.smu.edu.sg/context/sis_research/article/4811/viewcontent/101007_978_3_319_59608_2_3.pdf |
| _version_ |
1770573766160547840 |