Salaxy: Enabling USB Debugging Mode Automatically to Control Android Devices

Lu, Hui; Helu, Xiaohan; Jin, Cheng-Jie; Sun, Yu; Zhang, Man; Tian, Zhihong

doi:10.1109/access.2019.2958837

Cited by 3 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One way is to restrict writing and modification permissions. In addition, all the developer's features should be disabled including debugging privilege [38]. To avoid reverse engineering (or to make it harder), data encryption and code obfuscation mechanisms should be established.…”

Section: E Integrity and Confidentialitymentioning

confidence: 99%

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Hatamian

2020

IEEE Access

View full text Add to dashboard Cite

With the rapid growth of technology in recent years, we are surrounded by or even dependent on the use of technological devices such as smartphones as they are now an indispensable part of our life. Smartphone applications (apps) provide a wide range of utilities such as navigation, entertainment, fitness, etc. To provide such context-sensitive services to users, apps need to access users' data including sensitive ones, which in turn, can potentially lead to privacy invasions. To protect users against potential privacy invasions in such a vulnerable ecosystem, legislation such as the European Union General Data Protection Regulation (EU GDPR) demands best privacy practices. Therefore, app developers are required to make their apps compatible with legal privacy principles enforced by law. However, this is not an easy task for app developers to comprehend purely legal principles to understand what needs to be implemented. Similarly, bridging the gap between legal principles and technical implementations to understand how legal principles need to be implemented is another barrier to develop privacy-friendly apps. To this end, this paper proposes a privacy and security design guide catalog for app developers to assist them in understanding and adopting the most relevant privacy and security principles in the context of smartphone apps. The presented catalog is aimed at mapping the identified legal principles to practical privacy and security solutions that can be implemented by developers to ensure enhanced privacy aligned with existing legislation. Through conducting a case study, it is confirmed that there is a significant gap between what developers are doing in reality and what they promise to do. This paper provides researchers and developers of privacy-related technicalities an overview of the characteristics of existing privacy requirements needed to be implemented in smartphone ecosystems, on which they can base their work.

show abstract

Section: E Integrity and Confidentialitymentioning

confidence: 99%

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Hatamian

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Tools and software as listed in Table 1 are needed for the exploitation so that remote access can be done through ADB. The tools and software that are used consist of Laptop MSI-GF639SCSR, Xiaomi Redmi Note 5 brand smartphone with Android 9 & Android 12 (AOSP) version, Xiaomi Redmi 5 Plus brand smartphone with Android 8.1 version, Vivo Y71 brand Smartphone with Android 8.1 version, and Kali Linux 21.1 as operating system [18]. The Ghost Framework is a tool to do the exploitation process for remote access devices.…”

Section: 4mentioning

confidence: 99%

“…The Ghost Framework tool can be used to test whether or not remote access [18]. These tools will be used in this study to do exploitation the smartphone with the Android system.…”

Section: Introductionmentioning

confidence: 99%

Analysis of Remote Access Trojan Attack using Android Debug Bridge

Aprilliansyah

Riadi

Sunardi

2022

IJID

View full text Add to dashboard Cite

The security hole in the android operating system sometimes not realized by users such as malware and exploitation by third parties to remote access. This study conducted to identify the vulnerabilities of android operating system by using Ghost Framework. The vulnerability of the android smartphone are found by using the Android Debug Bridge (ADB) with the exploitation method as well as to analyze the test results and identify remote access Trojan attacks. The exploitation method with several steps from preparing the tools and connecting to the testing commands to the testing device have been conducted. The result shows that android version 9 can be remote access by entering the exploit via ADB. Some information has been obtained by third parties, enter and change the contents of the system directory can be remote access like an authorized to do any activities on the device such as opening lock screen, entering the directory system, changing the system, etc.

show abstract

“…Due to system complexity and requirements, software and hardware security remain fundamentally difficult, with extensive vulnerabilities reported in each iteration of devices [14,68] and in their wired [69][70][71][72] and wireless [73,74] peripherals. Data extraction tools rely on these vulnerabilities [5,14,64] and have remained successful in practice [14,21,22,31], therefore our analysis focuses squarely on what confidentiality remains when these protections are bypassed.…”

Section: Threat Modelmentioning

confidence: 99%

SoK: Cryptographic Confidentiality of Data on Mobile Devices

Zinkus

Jois

Green

2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Mobile devices have become an indispensable component of modern life. Their high storage capacity gives these devices the capability to store vast amounts of sensitive personal data, which makes them a high-value target: these devices are routinely stolen by criminals for data theft, and are increasingly viewed by law enforcement agencies as a valuable source of forensic data. Over the past several years, providers have deployed a number of advanced cryptographic features intended to protect data on mobile devices, even in the strong setting where an attacker has physical access to a device. Many of these techniques draw from the research literature, but have been adapted to this entirely new problem setting. This involves a number of novel challenges, which are incompletely addressed in the literature. In this work, we outline those challenges, and systematize the known approaches to securing user data against extraction attacks. Our work proposes a methodology that researchers can use to analyze cryptographic data confidentiality for mobile devices. We evaluate the existing literature for securing devices against data extraction adversaries with powerful capabilities including access to devices and to the cloud services they rely on. We then analyze existing mobile device confidentiality measures to identify research areas that have not received proper attention from the community and represent opportunities for future research.

show abstract

Salaxy: Enabling USB Debugging Mode Automatically to Control Android Devices

Cited by 3 publications

References 13 publications

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Analysis of Remote Access Trojan Attack using Android Debug Bridge

SoK: Cryptographic Confidentiality of Data on Mobile Devices

Contact Info

Product

Resources

About