2014 IEEE Symposium on Security and Privacy 2014
DOI: 10.1109/sp.2014.33
|View full text |Cite
|
Sign up to set email alerts
|

The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations

Abstract: Abstract-Android phone manufacturers are under the perpetual pressure to move quickly on their new models, continuously customizing Android to fit their hardware. However, the security implications of this practice are less known, particularly when it comes to the changes made to Android's Linux device drivers, e.g., those for camera, GPS, NFC etc. In this paper, we report the first study aimed at a better understanding of the security risks in this customization process. Our study is based on ADDICTED, a new … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
51
0

Year Published

2014
2014
2023
2023

Publication Types

Select...
4
4
2

Relationship

0
10

Authors

Journals

citations
Cited by 86 publications
(51 citation statements)
references
References 13 publications
0
51
0
Order By: Relevance
“…One feasible solution is to prepare a customized Android version with modified audio drivers. One recent research [54] has pointed out the security risks in Android device driver customizations. Android inherits the driver management methods of Linux and devices are placed under /dev (or /sys) as files.…”
Section: Discussionmentioning
confidence: 99%
“…One feasible solution is to prepare a customized Android version with modified audio drivers. One recent research [54] has pointed out the security risks in Android device driver customizations. Android inherits the driver management methods of Linux and devices are placed under /dev (or /sys) as files.…”
Section: Discussionmentioning
confidence: 99%
“…The vendor customizations have been proven to be problematic in prior studies. ADDICTED [37] finds under-protected Linux drivers on customized ROMs by comparing them with their counterparts on AOSP images. Harehunter [7] reveals the Hanging Attributes References vulnerability caused by the underregulated Android customization.…”
Section: Related Workmentioning
confidence: 99%
“…This problem arises when a variety of customized Android versions are used in different vendors' devices. This problem makes it difficult to provide a universal patch to enforce new security enhancement at the system level on all Android devices, due to misaligned incentives from different parties including Google, hardware vendors, and cell phone carriers [18,30,31]. Sensor Guardian does not need to modify the system to deploy the security enforcement, thus not affected by the Android fragmentation problem.…”
Section: Strengths Of Sensor Guardianmentioning
confidence: 99%