Revealing Android 3PLs-based attacks
- 1. Revealing Android 3PLs -based attacks Amina Waddiz Supervised by: Prof. Jong Kim Mentored by: Beumjin Cho August 27th, 2015
- 2. Summary 1. Introduction 2. Motivation, Goals and Contribution 3. 3PLs Classification and usage 4. 3PLs-based attacks 5. Conclusion
- 3. Introduction Android Security Model DAC/MAC MAC: Permission-based 3PLs+App Same process Same permissions Android: Attack surface Current state: Ad Libs Other libs ?
- 4. Motivation & Goals Motivation: → Protect the User privacy → Defend the System safety Goals: → Generalize 3PLs usage → Identify 3PLs-based attacks
- 5. Background
- 6. Android app and permissions
- 7. Android System External Server 3PLs App Contribution - Classification - Usage - 3PLs-based attacks
- 8. Android System External Server 3PLs App Contribution (1) - Classification - Usage - 3PLs-based attacks
- 9. Overview of existing 3PLs
- 11. 1. Build.gradle 2. Activity.xml 3. AndroidManifest 4. Calls in java Classes 3PLs typical usage
- 12. Android System External Server 3PLs App Contribution (2) - Classification - Usage - 3PLs-based attacks
- 13. Attack Example: Steal sensitive data
- 14. Category Description Examples Functional Classification Privacy User’s sensitive data - Contacts - Location - Phone identity Financial Damage Make revenue -Premium SMS/Calls -Online Banking Frauds Device Usability Damage device utilities - Drain Battery - Lock the screen Agent-based Classification Memory Access memory stack and heap - Bus Monitoring attack Network GSM networks (Local stations not device) - Attach Flood (Denial of service) Overview of 3PLs-based attacks
- 15. Conclusion ● An analysis and classification for Android 3PLs and their threat: ○ Collected, studied and classified the most used 3PLs in android apps ○ Unveiled 3PLs-based threats attacking some android components ● Necessity of a novel approach to tackle 3PLs- based malware: ○ Build an efficient tool to ISOLATE 3PLs from the host application