Rooting Android – Extending the ADB by an Auto-connecting WiFi-Accessible Service

Nazar, Assem; Seeger, Mark M.; Baier, Harald

doi:10.1007/978-3-642-29615-4_14

Cited by 5 publications

(4 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To this end, many have focused on Android systems for analyzing apps [40][41][42][43], detecting malware and attacks [44][45][46][47], or finding and describing vulnerabilities [48][49][50]-among many other topics. Moreover, jailbreaking or rooting Android devices is discussed both from an offensive [23,51,52] as well as a defensive point of view [11,33,[53][54][55][56]. In this section, we however focus on the iOS platform for which we first discuss attacks on unmodified as well as jailbroken systems.…”

Section: Related Workmentioning

confidence: 99%

False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps

Kellner

Micha

Rieck

et al. 2019

2019 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

People increasingly rely on mobile devices for banking transactions or two-factor authentication (2FA) and thus trust in the security provided by the underlying operating system. Simultaneously, jailbreaks gain tremendous popularity among regular users for customizing their devices. In this paper, we show that both do not go well together: Jailbreaks remove vital security mechanisms, which are necessary to ensure a trusted environment that allows to protect sensitive data, such as login credentials and transaction numbers (TANs). We find that all but one banking app, available in the iOS App Store, can be fully compromised by trivial means without reverse-engineering, manipulating the app, or other sophisticated attacks. Even worse, 44 % of the banking apps do not even try to detect jailbreaks, revealing the prevalent, errant trust in the operating system's security. This study assesses the current state of security of banking apps and pleads for more advanced defensive measures for protecting user data.

show abstract

Section: Related Workmentioning

confidence: 99%

False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps

Kellner

Micha

Rieck

et al. 2019

2019 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

show abstract

“…It is important to remember that Android's kernel has root permissions disabled by default but the user can gain this kind of permission by running a special crafted piece of code directly to the shell. From the standpoint of Information Security, enabling root permission on an Android device is not recommendable for two important reasons: the user cannot be sure if the rooting software contains any kind of malware such as a backdoor and a rooted device becomes more vulnerable if it gets compromised because any installed malware will get root permissions as well [9].…”

Section: Introductionmentioning

confidence: 99%

Network Activity Monitoring Against Malware in Android Operating System

Acosta-Guzman¹,

Aguilar-Torres

Gallegos-Garcia

2016

IJECE

View full text Add to dashboard Cite

Google’s Android is the most used Operating System in mobile devices but as its popularity has increased hackers have taken advantage of the momentum to plague Google Play (Android’s Application Store) with multipurpose Malware that is capable of stealing private information and give the hacker remote control of smartphone’s features in the worst cases. This work presents an innovative methodology that helps in the process of malware detection for Android Operating System, which addresses aforementioned problem from a different perspective that even popular Anti-Malware software has left aside. It is based on the analysis of a common characteristic to all different kinds of malware: the need of network communications, so the victim device can interact with the attacker. It is important to highlight that in order to improve the security level in Android, our methodology should be considered in the process of malware detection. As main characteristic, it does not need to install additional kernel modules or to root the Android device. And finally as additional characteristic, it is as simple as can be considered for non-experienced users.

show abstract

“…In addition, the analysis and processing of potentially malicious code occur in a virtualized phone outside of the real mobile device [4,[7][8][9]. Aside from the limited resources, the vulnerabilities [10] of mobile devices and the hacking capabilities from the malware would make the problem more complex than enterprise computing systems.…”

Section: Introductionmentioning

confidence: 99%

Analyzing User Awareness of Privacy Data Leak in Mobile Applications

Kim

2015

Mobile Information Systems

View full text Add to dashboard Cite

To overcome the resource and computing power limitation of mobile devices in Internet of Things (IoT) era, a cloud computing provides an effective platform without human intervention to build a resource-oriented security solution. However, existing malware detection methods are constrained by a vague situation of information leaks. The main goal of this paper is to measure a degree of hiding intention for the mobile application (app) to keep its leaking activity invisible to the user. For real-world application test, we target Android applications, which unleash user privacy data. With the TaintDroid-ported emulator, we make experiments about the timing distance between user events and privacy leaks. Our experiments with Android apps downloaded from the Google Play show that most of leak cases are driven by user explicit events or implicit user involvement which make the user aware of the leakage. Those findings can assist a malware detection system in reducing the rate of false positive by considering malicious intentions. From the experiment, we understand better about app’s internal operations as well. As a case study, we also presents a cloud-based dynamic analysis framework to perform a traffic monitor.

show abstract

Rooting Android – Extending the ADB by an Auto-connecting WiFi-Accessible Service

Cited by 5 publications

References 6 publications

False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps

False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps

Network Activity Monitoring Against Malware in Android Operating System

Analyzing User Awareness of Privacy Data Leak in Mobile Applications

Contact Info

Product

Resources

About