Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

Choi, Hyunwoo; Kim, Yong‐Dae

doi:10.1155/2018/2489214

Cited by 11 publications

(2 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When there was a delay of 10 seconds for the response after the sleep command of 10 seconds, we confirmed the code injection vulnerability. This is a very serious issue that can lead to complete compromise of the application's data and functionality, and the server that's hosting the application [4]. Due to ethical reasons, we limit our attack in detecting this vulnerability.…”

Section: Improper Access Controlmentioning

confidence: 99%

Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly

Kapoor

Pagey

Mannan

et al. 2023

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

for their constant support and guidance throughout this project. Their continued support gave life to this project and made this research possible. I would also like to express my gratitude for their patience, motivation, enthusiasm, and immense knowledge. I am incredibly lucky to be able to work under the close guidance of my supervisors who inspired me with bright ideas, helpful comments, suggestions, and insights which have contributed to the improvement of this work.I would also like to thank my peers at the Madiba Security Research Group for sharing their knowledge and experience and being there beside me on my rainy days. I learned a lot from everyone, especially, Sajjad Pourali, Rohan Pagey, and Bhaskar Tejaswi. I feel lucky and grateful to be a part of this research group. Special thanks to all professors at CIISE. They all provided me with the opportunity to learn in a positive learning environment and made me more interested in all aspects of systems security. I received substantial financial support from my supervisors and Concordia University and I am thankful for easing the financial burden during my research. Lastly, I would like to thank my family and friends.

show abstract

Section: Improper Access Controlmentioning

confidence: 99%

Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly

Kapoor

Pagey

Mannan

et al. 2023

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

show abstract

“…Another scenario is also possible, as shown in Figure 2b. For example, the attacker can establish a rogue wireless access point, as presented in [25]. Based on our assumption on the attacker's ability, the attacker can inject a malicious code when the user downloads resources or applications via the untrusted/compromised communication medium.…”

Section: Our Attack and Threat Modelmentioning

confidence: 99%

Memory and Cache Contention Denial-of-Service Attack in Mobile Edge Devices

Cho

Kong

2021

Applied Sciences

View full text Add to dashboard Cite

In this paper, we introduce a memory and cache contention denial-of-service attack and its hardware-based countermeasure. Our attack can significantly degrade the performance of the benign programs by hindering the shared resource accesses of the benign programs. It can be achieved by a simple C-based malicious code while degrading the performance of the benign programs by 47.6% on average. As another side-effect, our attack also leads to greater energy consumption of the system by 2.1× on average, which may cause shorter battery life in the mobile edge devices. We also propose detection and mitigation techniques for thwarting our attack. By analyzing L1 data cache miss request patterns, we effectively detect the malicious program for the memory and cache contention denial-of-service attack. For mitigation, we propose using instruction fetch width throttling techniques to restrict the malicious accesses to the shared resources. When employing our malicious program detection with the instruction fetch width throttling technique, we recover the system performance and energy by 92.4% and 94.7%, respectively, which means that the adverse impacts from the malicious programs are almost removed.

show abstract