Android sensitive data leakage prevention with rooting detection using Java function hooking

“…It unlocks all the system files and functions by gaining the root privilege in the device. DroidKungfu malware uses the exploits known as RageAgainstTheCage (CVE-2010-EASY) and Exploid (CVE-2009-1185) to escalate privileges [18]. Such attacks are prevented by Security Enhanced (SE) Android present in android devices.…”

“…Such attacks are prevented by Security Enhanced (SE) Android present in android devices. • Gooligan Attack: It is a malware that exploits the zero-day vulnerability (CVE-2013-6282) found in kernel API, [18] the zero-day vulnerability is called "zero-day" because it is the duration during which vulnerability is exposed and used by the attackers while there is no patch provided by the vendor. In such kinds of attacks, some malware application is used to perform the read/write operations on the memory of the kernel.…”

“…In such kinds of attacks, the attackers target the bug that is present in the kernel. These loopholes or bugs are used by attackers, to add malicious content in the kernel address space or redirect the execution of the kernel to the address space where the malicious content is present [18]. There are many kinds of attacks that come under this category like the return to libc attack, jump-oriented programming attack, return-oriented programming attack, etc.…”

“…Bootloader [21] is the piece of code that takes care of what all applications are needed to boot up so that the device runs properly when switched on. It is also responsible for the security of the device by ensuring the integrity of the chain of trust policy [18]. According to the CoT policy, the bootloader has to verify the integrity of processes in each stage during booting before the execution of the processes.…”

“…There are different bootloaders like Huawei, Qualcomm, Nvidia having certain vulnerabilities that can be identified using BOOT STOMP [21]. CVE-2014-9798 and CVE-2015-8893 are vulnerabilities found in the Qualcomm bootloader [18].…”

A Review and Case Study on Android Malware: Threat Model, Attacks, Techniques and Tools

“…It unlocks all the system files and functions by gaining the root privilege in the device. DroidKungfu malware uses the exploits known as RageAgainstTheCage (CVE-2010-EASY) and Exploid (CVE-2009-1185) to escalate privileges [18]. Such attacks are prevented by Security Enhanced (SE) Android present in android devices.…”

“…Such attacks are prevented by Security Enhanced (SE) Android present in android devices. • Gooligan Attack: It is a malware that exploits the zero-day vulnerability (CVE-2013-6282) found in kernel API, [18] the zero-day vulnerability is called "zero-day" because it is the duration during which vulnerability is exposed and used by the attackers while there is no patch provided by the vendor. In such kinds of attacks, some malware application is used to perform the read/write operations on the memory of the kernel.…”

“…In such kinds of attacks, the attackers target the bug that is present in the kernel. These loopholes or bugs are used by attackers, to add malicious content in the kernel address space or redirect the execution of the kernel to the address space where the malicious content is present [18]. There are many kinds of attacks that come under this category like the return to libc attack, jump-oriented programming attack, return-oriented programming attack, etc.…”

“…Bootloader [21] is the piece of code that takes care of what all applications are needed to boot up so that the device runs properly when switched on. It is also responsible for the security of the device by ensuring the integrity of the chain of trust policy [18]. According to the CoT policy, the bootloader has to verify the integrity of processes in each stage during booting before the execution of the processes.…”

“…There are different bootloaders like Huawei, Qualcomm, Nvidia having certain vulnerabilities that can be identified using BOOT STOMP [21]. CVE-2014-9798 and CVE-2015-8893 are vulnerabilities found in the Qualcomm bootloader [18].…”

A Review and Case Study on Android Malware: Threat Model, Attacks, Techniques and Tools

Enhancing Password Manager Application Security By Root Detection with Usability and Security Evaluation

Sensitive and Personal Data: What Exactly Are You Talking About?