IJCST Vol. 6, Issue 1, Jan - March 2015 ISSN : 0976-8491 (Online) | ISSN : 2229-4333 (Print)
www.ijcst.com
International Journal of Computer Science and Technology
A Review on Camera Based Attacks on Android Smart Phones
¹Anushree Pore, ²Mahip Bartere
¹M.E. Scholar, GHRCEM, Amravati, Maharashtra, India
²Assistant Professor, GHRCEM, Amravati, Maharashtra, India
Abstract
Nowadays, almost all smart phones have features like a camera and a touch screen. These features may lead to attacks on our smart phones. Modern smart phone platforms let users customize their device via third-party applications found on “app stores” or traditional websites. Application provenance is a problem, so users are constantly at risk of installing malicious apps that steal personal data or gain root access to their device. For example, while such a malicious application is in use, the response from the application provider may contain a hidden request to take control of different devices connected to our mobile, such as the camera, whether front or main. Once the phone has been attacked, our current location can be recognized through the main camera, as it will show our surroundings, and PINs can be recognized through the front camera. This paper reviews new security threats that have emerged for mobile devices and surveys various techniques for detection of mobile malware.
Keywords
Camera Based Attacks, WatchDog, Anti-Thief
I. Introduction
Mobile phones, especially smart phones, are becoming an important part of our day-to-day life, since they are involved in keeping in touch with friends and family, doing business, accessing the internet and other activities. Andy Rubin, Google’s director of mobile platforms, has commented: “There should be nothing that users can access on their desktop that they can’t access on their cell phone” [1]. Growth in smart phone sales is depicted in the figure below.
Fig. 1: Smartphone Sales Worldwide
It indicates that smart phone sales are continuously on the rise and more and more people are becoming dependent on these devices. As these smart phones are going to outnumber the world’s total population in 2014, securing these devices has assumed paramount importance. Owners use their smart phones to perform tasks ranging from everyday communication with friends and family to the management of banking accounts and accessing sensitive work-related data. These factors, combined with limitations in administrative device control through owners and security-critical applications like banking transactions, make Android-based smart phones a very attractive target for hackers, attackers and malware authors with almost any kind of motivation.
Smart phones retrieve apps from application markets and run them within a middleware environment. Existing smart phone platforms rely on application markets and platform protection mechanisms for security. Fig. 2 shows the general architecture of smart phones.
Fig. 2: General Smart Phone Architecture
II. Literature Review
As all smart phones use applications from the market, they can be attacked through malicious applications. The next section gives details about such security threats.
A. Mobile Device Threats
Numerous attacks exist that compromise the security of mobile devices [5]. Three main categories of attacks can be carried out against mobile devices: malware attacks, grayware attacks and spyware attacks, described below.
1. Malware
These kinds of attacks steal personal data from mobile devices and damage devices [2]. By using device vulnerabilities and luring the user into installing additional apps, an attacker can gain unauthorized root access to devices. Some of the malware attacks are listed below.
(i). Bluetooth Attacks
With Bluetooth attacks, an attacker can insert contacts or SMS messages, steal the victim’s data from their device and track the user’s mobile location. Blue-bugging is a kind of Bluetooth attack through which an attacker can listen to conversations by activating software including malicious activities [2].
(ii). SMS Attacks
Through SMS attacks, an attacker can advertise and spread phishing links. SMS messages can also be used by attackers to exploit vulnerabilities [2].
(iii). GPS/Location Attacks
The user’s current location and movement can be accessed with global positioning system (GPS) hardware, and the information can then be sold to other companies involved in advertising [2].
(iv). Phone Jail-Breaking
With jail-breaking, an attacker can remove the security restrictions of the operating system; for example, it allows the OS to install additional and unsigned applications. Users are attracted to install them as they could get additional functionality [2].
(v). Premium Rate Attacks
They pose serious security concerns because premium rate SMS messages could go unnoticed until attacker faces thousands of dollars of bill on his device, as they don’t need permissions to send SMS to premium-rated numbers [2].
(vi). Grayware
Grayware includes applications which collect data from mobile devices for marketing purposes. Their intention is not to harm users but to annoy them.
(vii). Spyware
Spyware collects personal information from the user’s phone such as contacts, call history and location. Personal spyware is able to gain physical access to the device by installing software without the user’s consent. After collecting information about the victim’s phone, it sends it to the attacker who installed the app rather than to the author of the application.
B. Static Analysis
Static analysis investigates a downloaded app by inspecting its software properties and source code. However, obfuscation and encryption techniques embedded in software make static analysis difficult. Static analysis is further divided into two categories traditionally used by anti-viruses: signature-based detection and behavior-based detection.
Kim et al. [7] proposed a framework for detection and monitoring of energy-greedy threats by building power consumption signatures from the collected samples. After generating power signatures, a data analyzer compares them with signatures present in a database.
Batyuk et al. [14] proposed a system for static analysis of Android applications. First, they provide in-depth static analysis of applications and present readable reports to the user for assessment and for taking security-relevant decisions: to install or not to install an application. Then a method is developed to overcome security threats introduced by the applications by disabling malicious features in them.
Ongtang et al. [15] proposed the Secure Application Interaction Framework (Saint), extending the Android security architecture for protection of interfaces and enhancing interaction policies between calling and callee applications.
Wei et al. [11] proposed a static feature-based approach and developed a system named DroidMat that is able to detect and distinguish Android malware. Their mechanism considers static information including permissions, intents and related components to characterize Android malware; a clustering algorithm is applied to enhance malware modeling capability. The K-Nearest Neighbor algorithm classifies applications as benign or malicious. Finally, their results are compared with the well-known tool Androguard, published at Blackhat 2011, and it is found that DroidMat is efficient, as it takes only half the time Androguard needs to predict 1738 applications.
Bose et al. [8] present a behavioral detection framework for representation of malware behavior by observing the logical ordering of application actions. Malicious behavior is discriminated from normal behavior by training an SVM. The system is evaluated on both real-world and simulated mobile malware with 96% accuracy.
Schmidt et al. [6] describe a method for Symbian OS malware analysis called centroid, based on static function call analysis: features are extracted from binaries and clustering is applied for detection of unknown malware. VirusMeter [9] is proposed to detect anomalous behavior on mobile devices by catching malware that consumes abnormal power. Machine learning algorithms helped to improve its detection accuracy.
L. Xie et al. [16] proposed pBMDS, an approach through which user behavior is analyzed by collecting data from logs of keyboard operations and LCD displays, which is then correlated with system calls to detect anomalous activities. A hidden Markov model (HMM) is leveraged to learn user behavior and malware behavior in order to discriminate the differences between them.
C. Dynamic Analysis
Dynamic analysis involves execution of an application in an isolated environment to track its execution behavior. In contrast to static analysis, dynamic analysis discloses the natural behavior of malware because the executed code is analyzed; it is therefore immune to obfuscation attempts.
Batyuk et al. [4] proposed an Android application sandbox (AASandbox) system for analysis of Android applications, consisting of a fast static pre-check facility and a kernel-space sandbox. For suspicious application detection, both static and dynamic analysis are performed on Android applications. AASandbox takes an APK file and, by decompressing it, lists the following files: AndroidManifest.xml, res/ and classes.dex. The manifest file holds the security permissions and description of the application. The res/ folder defines the layout, graphical user interface (GUI) elements and language of the application. The classes.dex file contains executable code for execution on the Dalvik virtual machine, which is de-compiled to Java files with baksmali, and the code is then searched for suspicious patterns. The Monkey program, designed for stress testing of applications, generates pseudo-random sequences of user events such as touches and mouse clicks. It is used to hijack system calls for logging operation and is helpful for getting the logging behavior of the application at system level. Around 150 applications are collected for testing and evaluation.
Min et al. [9] proposed a run-time based behavior dynamic analysis system for Android applications. The proposed system consists of an event detector, a log monitor and a parser. The event trigger is able to simulate the user’s actions with static analysis. The static analyzer generates manifest.xml and Java code from the application’s .apk file. Semantic analysis finds the list of risk-based permissions, activities and services, including other information such as hash code and package name. Data flow analysis creates a control flow graph (CFG) of the application by mapping user-defined methods and API calls. By running the application in a customized emulator with a loadable LKM, sensitive information about the application can be captured, such as sent SMS, call log and network data for entry address of system calls. Logs recorded with the debugging tool logcat for sensitive behavior are sent to the log parser. The log monitor gathers log data as the application runs, and the parser analyzes the log data by picking out sensitive information and filtering out unnecessary information. Of 350 apps collected from the Amazon Android Market, about 82 applications were found to leak private data.
Enck et al. [10] proposed the AppsPlayground framework for automatic dynamic analysis of Android applications. The designed approach is able to analyze malicious applications in addition to applications leaking private data from smart phones without the user’s consent. Dynamic analysis should possess detection techniques including the ability to explore application code as much as possible, and the environment should be so realistic that a malicious application cannot obfuscate. The automatic analysis code integrates detection, exploration and disguise techniques to explore Android applications effectively. Detection techniques detect malicious functionality while the app is being executed. They include taint tracing, which monitors sensitive APIs such as SMS APIs with TaintDroid, and kernel-level monitoring for tracing of root exploits. Automatic exploration techniques help with code coverage of applications by simulating events such as location changes and received SMS so that all application code is covered. Fuzz testing and intelligent black-box execution testing are used for automatic exploration of Android applications. Disguise techniques create a realistic environment by providing data such as the International Mobile Equipment Identity (IMEI), contacts, SMS, GPS coordinates etc.
Enck et al. [3] proposed TaintDroid for dynamic analysis. It is the first dynamic analysis tool used for system-wide analysis of Android applications by tracking the flow of sensitive information through third-party applications. TaintDroid integrates multiple granularities at object level, i.e., variable, method, message and file level. It is able to monitor how sensitive data are used by applications, and taints are then labeled. TaintDroid is tested on around 30 applications and it is found that 15 of them use personal information.
D. Permission-Based Analysis
With the help of the permissions listed in manifest.xml, various researchers are able to detect malicious application behavior [2]. These permissions have the ability to limit application behaviour by controlling privacy and reducing bugs and vulnerabilities.
Johnson et al. [12] proposed an architecture for automatic downloading of Android applications from the Android market. Different algorithms are employed for searching for applications, such as downloading applications by application category. With static analysis, the permissions an application requires can be obtained based on its functionality. Permission names are searched for in the Android source code and then mapped to API calls to determine whether the requested permissions are correct or not. The program examines all smali files of the application to obtain the list of method calls used in the application. Each method call is then compared with the method calls listed in the permission-protected Android API calls to determine the exact permissions. The restricted permission set is compared with all the permissions specified in the AndroidManifest.xml file to find extra permissions, lacking permissions and the exact permission set required for the application’s functionality.
Zhou et al. [13] proposed DroidRanger for a systematic study of the overall health of both official and unofficial Android Markets, with a focus on the detection of malicious apps. DroidRanger leverages a crawler to collect apps from the Android Market and save them into a local repository. Features extracted from the collected apps include requested permissions and author information. Two different detection engines are used for detection of known and unknown malware. The first detection engine is a permission-based behavioral foot-printing scheme able to distil apps requiring dangerous permissions such as the SEND_SMS and RECEIVE_SMS permissions. The number of apps to be processed by the second detection engine is thereby reduced. In the second step, multiple dimensions are chosen for the behavioral foot-printing scheme, such as listening to all system-wide broadcast messages if the app contains a receiver named android.provider.Telephony.SMS_RECEIVED. The obtained call graph associates API calls with the specific components specified in a rule. For example, by matching a call to the abortBroadcast function with a specific rule, a method is obtained to detect apps monitoring incoming SMS messages. The second detection engine includes some heuristics to detect suspicious apps and zero-day malware. The heuristics look for attempts to dynamically fetch and run code from untrusted websites, which are further monitored during run-time execution to confirm whether the app is truly malicious or not.
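The two static checks described in this section, as an added example (not code from the paper or from the cited tools): the comparison of declared permissions against the permissions implied by smali method calls, and a footprint rule for SMS interception (SMS_RECEIVED receiver plus an abortBroadcast call). The manifest, smali fragments, package name and the four-entry API map are constructed for illustration, and the manifest is assumed to be already decoded to text XML.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
P = "android.permission."

# Hand-picked subset of an API-to-permission map (assumption for this example);
# a real analysis needs a complete map for the targeted Android version.
API_PERMISSIONS = {
    "Landroid/hardware/Camera;->open": P + "CAMERA",
    "Landroid/telephony/SmsManager;->sendTextMessage": P + "SEND_SMS",
    "Landroid/media/MediaRecorder;->setAudioSource": P + "RECORD_AUDIO",
    "Ljava/net/URL;->openConnection": P + "INTERNET",
}

# Matches smali call sites such as: invoke-static {}, Lpkg/Class;->method(...)
INVOKE = re.compile(r"^\s*invoke-[\w/]+\s+\{[^}]*\},\s*(L[^;]+;->[\w$<>]+)\(", re.M)

# Constructed sample: decoded manifest of a hypothetical "flashlight" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".SmsTap">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed smali fragments (file name -> text).
SAMPLE_SMALI = {
    "SmsTap.smali": """
.class public Lcom/example/flashlight/SmsTap;
.super Landroid/content/BroadcastReceiver;
.method public onReceive(Landroid/content/Context;Landroid/content/Intent;)V
    invoke-virtual {p0}, Lcom/example/flashlight/SmsTap;->abortBroadcast()V
    invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
.end method
""",
    "Torch.smali": """
.class public Lcom/example/flashlight/Torch;
.method public on()V
    invoke-static {}, Landroid/hardware/Camera;->open()Landroid/hardware/Camera;
    invoke-virtual {v1}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
.end method
""",
}


def requested_permissions(manifest_xml):
    """Permissions declared with <uses-permission> in the manifest."""
    root = ET.fromstring(manifest_xml.strip())
    return {e.get(ANDROID + "name") for e in root.iter("uses-permission")}


def sms_receivers(manifest_xml):
    """Names of receivers whose intent filter listens for SMS_RECEIVED."""
    root = ET.fromstring(manifest_xml.strip())
    found = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in receiver.iter("action")}
        if SMS_RECEIVED in actions:
            found.append(receiver.get(ANDROID + "name"))
    return found


def invoked_methods(smali_sources):
    """All 'Lclass;->method' targets invoked anywhere in the smali files."""
    calls = set()
    for text in smali_sources.values():
        calls.update(INVOKE.findall(text))
    return calls


def permission_gap(manifest_xml, smali_sources):
    """Compare declared permissions with those the code actually exercises."""
    requested = requested_permissions(manifest_xml)
    calls = invoked_methods(smali_sources)
    used = {API_PERMISSIONS[c] for c in calls if c in API_PERMISSIONS}
    if sms_receivers(manifest_xml):
        used.add(P + "RECEIVE_SMS")  # exercised by the receiver, not an API call
    return {"used": used, "extra": requested - used, "lacking": used - requested}


def intercepts_sms(manifest_xml, smali_sources):
    """Footprint rule: SMS_RECEIVED receiver plus a call to abortBroadcast."""
    calls = invoked_methods(smali_sources)
    aborts = any(c.endswith("->abortBroadcast") for c in calls)
    return bool(sms_receivers(manifest_xml)) and aborts


if __name__ == "__main__":
    gap = permission_gap(SAMPLE_MANIFEST, SAMPLE_SMALI)
    print("extra:", sorted(gap["extra"]))
    print("lacking:", sorted(gap["lacking"]))
    print("intercepts SMS:", intercepts_sms(SAMPLE_MANIFEST, SAMPLE_SMALI))
```

A scan of this kind sees only call sites present in the smali text, so calls made through reflection or dynamically loaded code are missed, which is the gap the run-time monitoring described above is meant to cover.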
E. Related Work
Soundcomber [17] is a stealthy Trojan that can sense the context of its audible surroundings to target and extract high-value data such as credit card and PIN numbers. Stealthy audio recording is easier to realize since it does not need to hide the camera preview.
Xu et al. [18] present a data collection technique using a video camera embedded in Windows phones. Their malware (installed as a Trojan) secretly records video and transmits data using either email or MMS. Windows phones offer a function, ShowWindow(hWnd, SW_HIDE), which can hide an app window on the phone screen. However, it is much more complicated (no off-the-shelf function) to hide a camera preview window in an Android system. In this work, we are able to hide the whole camera app in Android. Moreover, we implement advanced forms of attacks such as remote-controlled and real-time monitoring attacks. We also utilize computer vision techniques to analyze recorded videos and infer passcodes from users’ eye movements.
Several video-based attacks targeted at keystrokes have been proposed. The attacks can obtain user input on touch screen smartphones.
Maggi et al. [19] implement an automatic shoulder surfing attack against modern touch-enabled smartphones. The attacker deploys a video camera that can record the target screen while the victim is entering text. Then user input can be reconstructed solely based on the keystroke feedback displayed on the screen. However, this attack requires an additional camera device, and issues like how to place the camera near the victim without catching an alert must be considered carefully. Moreover, it works only when visual feedback such as magnified keys is available.
iSpy [20], proposed by Raguram, shows how screen reflections may be used for reconstruction of text typed on a smartphone’s virtual keyboard. Similarly, this attack also needs an extra device to capture the reflections, and the visual key press confirmation mechanism must be enabled on the target phone. In contrast, our camera-based attacks work without any support from other devices.
Longfei Wu [21] implemented the attacks on real phones and demonstrated the feasibility and effectiveness of the attacks. Furthermore, they propose a lightweight defense scheme that can effectively detect these attacks.
III. Disadvantages
As mentioned above, the role a spy camera plays depends on the way it is used and who is in control of it. In the following, we discuss some threats and benefits of using a spy camera.
A. Leaking Private Information
A spy camera works as a thief if it steals private information from the phone. First, the malware finds a way to infect the victim’s smartphone. For example, it appears to be a normal app with legitimate use of a camera and the Internet. On one hand, it performs the function it claims. On the other hand, it runs a background service to secretly take pictures or record videos, and stores the data with obscure names in a directory that is seldom visited. Then these data are sent out to the attacker when WiFi (fast and usually unlimited) access or other connection is available.
B. Watchdog
Watchdog is another thing a spy camera can do. Nobody wants
other people to use or check his/her phone without permission.
A spy camera can stealthily take pictures of the phone user and
deter those who use or check other people’s phones.
C. Anti-Thief
On the other hand, a spy camera could play a completely different
role if it is used properly. When a user loses his/her phone, the
spy camera could be launched via remote control and capture
what the thief looks like as well as the surrounding environment.
Then the pictures or videos along with location information (GPS
coordinates) can be sent back to the device owner so that the owner
can pinpoint the thief and get the phone back.
IV. Counter Measure
In this section, we discuss possible countermeasures that can protect Android phones against these spy camera attacks. In an Android system, no application programming interface (API) or log file is available for a user to check the usage of a camera device. Hence, detection of camera-based attacks requires modification of the system. An application can therefore be developed which detects the hidden request in the response from the application provider. Such an app checks for the hidden request and displays an alert dialog that includes the name of the suspicious app and the kind of hidden request, e.g. the app wants to use the camera, which is the hidden request behind a spy camera attack. Besides, the detailed activity patterns of suspected apps are logged so that the user can check them later.
V. Conclusion
Nowadays more than 1 million Android devices are activated. Android has very few restrictions for developers, which increases the security risk for end users. In this paper we have reviewed security issues in Android-based smartphones. The integration of technologies into an application certification process requires overcoming logistical and technical challenges. Android provides more security than other mobile phone platforms. Moreover, in this paper, we study camera-related vulnerabilities in Android phones for mobile multimedia applications. We discuss the roles a spy camera can play to attack or benefit phone users.
References
[1] Google bets on Android future. [Online] Available: http://news.bbc.co.uk/2/hi/technology/7266201.stm
[2] D. Stites, A. Tadimla: A Survey of Mobile Device Security: Threats, Vulnerabilities and Defenses. [Online] Available: http://afewguyscoding.com/2011/12/survey-mobile-device-security-threats vulnerabilities-defenses.
[3] W. Enck, P. Gilbert, B.G. Chun, L.P. Cox, J. Jung, P. McDaniel, A.P. Sheth: TaintDroid: An information-flow tracking system for realtime privacy monitoring on smart-phones. In OSDI’10 Proceedings of the 9th USENIX conference on Operating systems design and implementation, pp. 1-6, USENIX Association, Berkeley, CA, USA (2010).
[4] T. Blasing, L. Batyuk, A.D. Schmidt, S.H. Camtepe, S. Albayrak: An Android Application Sandbox System for Suspicious Software Detection.
[5] McAfee Labs Q3 2011 Threats Report Press Release, 2011. [Online] Available: http://www.mcafee.com/us/about/news/2011/q4/20111121-01.aspx
[6] A.D. Schmidt, J.H. Clausen, S.H. Camtepe, S. Albayrak: Detecting Symbian OS Malware through Static Function Call Analysis. In Proceedings of the 4th IEEE International Conference on Malicious and Unwanted Software, pp. 15-22, IEEE, 2009.
[7] H. Kim, J. Smith, K.G. Shin, "Detecting energy-greedy anomalies and mobile malware variants", In MobiSys 08: Proceeding of the 6th international conference on Mobile systems, applications, and services, pp. 239-252. ACM, New York, 2008.
[8] A. Bose, X. Hu, K.G. Shin, T. Park, "Behavioral detection of malware on mobile handsets", In MobiSys08: Proceeding of the 6th international conference on Mobile systems, applications, and services, pp. 225-238, ACM, New York, 2008.
[9] L. Min, Q. Cao, "Runtime-based Behavior Dynamic Analysis System for Android Malware Detection", Advanced Materials Research, pp. 2220-2225.
[10] V. Rastogi, Y. Chen, W. Enck: AppsPlayground: Automatic Security Analysis of Smartphone Applications. In CODASPY’13 Proceedings of the third ACM conference on Data and application security and privacy, pp. 209-220. ACM, New York, 2013.
[11] D.J. Wu, C.H. Mao, T.E. Wei, H.M. Lee, K.P. Wu: DroidMat: Android Malware Detection through Manifest and API Calls Tracing. In Information Security (AsiaJCIS), 2012 Seventh Asia Joint Conference, pp. 62-69, IEEE, Tokyo, 2012.
[12] R. Johnson, Z. Wang, C. Gagnon, A. Stavrou: Analysis of android applications’ permissions. In Software Security and Reliability Companion (SERE-C) Sixth International Conference, pp. 45-46. IEEE (2012).
[13] Y. Zhou, Z. Wang, W. Zhou, X. Jiang: Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of the 19th Network and Distributed System Security Symposium, San Diego, CA (2012). International Journal of Distributed and Parallel Systems (IJDPS) Vol. 5, No. 4, July 2014.
[14] L. Batyuk, M. Herpich, S.A. Camtepe, K. Raddatz, A.D. Schmidt, S. Albayrak: Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. In 6th International Conference on Malicious and Unwanted Software, pp. 66-72, IEEE Computer Society (2011).
[15] M. Ongtang, S.E. McLaughlin, W. Enck, P.D. McDaniel, "Semantically rich application-centric security in android", In Proceedings of the 25th Annual Computer Security Application Conference (ACSAC), pp. 340-349 (2009).
[16] L. Xie, X. Zhang, J.P. Siefert, S. Zhu: pBMDS: a behavior-based malware detection system for cellphone devices. In Wisec’10 Proceedings of the third ACM conference on Wireless network security, Hoboken, pp. 37-48. ACM, USA, 2010.
[17] R. Schlegel et al., “Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones”, NDSS, 2011, pp. 17–33.
[18] N. Xu et al., “Stealthy Video Capturer: A New Video-Based Spyware in 3g Smartphones”, Proc. 2nd ACM Conf. Wireless Network Security, 2009, pp. 69–78.
[19] F. Maggi et al., “A Fast Eavesdropping Attack against Touchscreens”, 7th Int’l. Conf. Info. Assurance and Security, 2011, pp. 320–25.
[20] R. Raguram et al., “ispy: Automatic Reconstruction of Typed Input from Compromising Reflections”, Proc. 18th ACM Conf. Computer and Commun. Security, 2011, pp. 527–36.
[21] Longfei Wu et al., “Security Threats to Mobile Multimedia Applications: Camera-Based Attacks on Mobile Phones”, Security in Wireless Multimedia Communications, IEEE Communications Magazine, March 2014, pp. 80-87.
... Users go to third party applications and if the source application is a problem, users are at risk of installing malicious programs. As a result, they can steal personal information or gain root access to their device [33,34]. ...
Article
Full-text available
Millennials, members of the Generation Y are constantly connected to their social circles online, they are the founders of the social media movement. These young consumers count as the largest segment of smartphone owners in most regions of the world. In fact, smartphones have become one of the most important possessions of this highly technology savvy generation. However, the advanced and widespread use of mobile devices often does not meet with the required security consciousness. People who have grown up with internet, are more likely to share personal and sensitive corporate information online by using the same device for both work and private applications, accessing free Wi-Fi networks or borrowing other devices without the appropriate protection. This work examines the crucial smartphone security risks that users face with the new technology. It aims to investigate how their practices and behaviours can pose security risks on their smartphones usage. Security practices and awareness can be improved by increasing users' knowledge. To accomplish this, education on technology is needed.
Article
Full-text available
The technological advancements in mobile connectivity services such as GPRS, GSM, 3G, 4G, Blue-tooth, WiMAX, and Wi-Fi made mobile phones a necessary component of our daily lives. Also, mobile phones have become smart which let the users perform routine tasks on the go. However, this rapid increase in technology and tremendous usage of the smartphones make them vulnerable to malware and other security breaching attacks. This diverse range of mobile connectivity services, device software platforms, and standards make it critical to look at the holistic picture of the current developments in smartphone security research. In this paper, our contribution is twofold. Firstly, we review the threats, vulnerabilities, attacks and their solutions over the period of 2010-2015 with a special focus on smartphones. Attacks are categorized into two types, i.e., old attack and new attacks. With this categorization, we aim to provide an easy and concise view of different attacks and the possible solutions to improve smartphone security. Secondly, we critically analyze our findings and estimate the market growth of different operating systems for the smartphone in coming years. Furthermore, we estimate the malware growth and forecast the world in 2020.
Article
Full-text available
In this paper, we present a systematic study for the de-tection of malicious applications (or apps) on popular An-droid Markets. To this end, we first propose a permission-based behavioral footprinting scheme to detect new sam-ples of known Android malware families. Then we apply a heuristics-based filtering scheme to identify certain inher-ent behaviors of unknown malicious families. We imple-mented both schemes in a system called DroidRanger. The experiments with 204, 040 apps collected from five different Android Markets in May-June 2011 reveal 211 malicious ones: 32 from the official Android Market (0.02% infec-tion rate) and 179 from alternative marketplaces (infection rates ranging from 0.20% to 0.47%). Among those mali-cious apps, our system also uncovered two zero-day mal-ware (in 40 apps): one from the official Android Market and the other from alternative marketplaces. The results show that current marketplaces are functional and rela-tively healthy. However, there is also a clear need for a rigorous policing process, especially for non-regulated al-ternative marketplaces.
Article
Full-text available
Today's mobile smartphones are very powerful, and many smartphone applications use wireless multimedia communications. Mobile phone security has become an important aspect of security issues in wireless multimedia communications. As the most popular mobile operating system, Android security has been extensively studied by researchers. However, few works have studied mobile phone multimedia security. In this article, we focus on security issues related to mobile phone cameras. Specifically, we discover several new attacks that are based on the use of phone cameras. We implement the attacks on real phones, and demonstrate the feasibility and effectiveness of the attacks. Furthermore, we propose a lightweight defense scheme that can effectively detect these attacks.
Conference Paper
Full-text available
In the last decade, smartphones have gained widespread usage. Since the advent of online appli-cation stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, appli-cation security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applica-tions' activities. Abuse of highly sensible private in-formation such as phone numbers without users' no-tice is the result. We show that there is a high fre-quency of privacy leaks even among widely popular applications. Together with the fact that the major-ity of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.
Conference Paper
Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.
Conference Paper
Smartphones become a very critical part of our lives as they offer advanced capabilities with PC-like functionalities. They are getting widely deployed while not only being used for classical voice-centric communication. New smartphone malwares keep emerging where most of them still target Symbian OS. In the case of Symbian OS, application signing seemed to be an appropriate measure for slowing down malware appearance. Unfortunately, latest examples showed that signing can be bypassed resulting in new malware outbreak. In this paper, we present a novel approach to static malware detection in resource-limited mobile environments. This approach can be used to extend currently used third-party application signing mechanisms for increasing malware detection capabilities. In our work, we extract function calls from binaries in order to apply our clustering mechanism, called centroid. This method is capable of detecting unknown malwares. Our results are promising where the employed mechanism might find application at distribution channels, like online application stores. Additionally, it seems suitable for directly being used on smartphones for (pre-)checking installed applications.
Article
The most serious threats for Android users come from applications. However, the market lacks a mechanism to validate whether these applications are malware or not. So, malware may leak users' private information, make malicious deductions by sending premium SMS, get root privilege of the Android system and so on. In the traditional method of malware detection, signature is the only basis. It is far enough. In this paper, we propose a runtime-based behavior dynamic analysis for Android malware detection. The new scheme can be implemented as a system. We analyze 350 applications that come from third-party Android markets; the result shows that our system can effectively detect unknown malware and the malicious behavior of malware.
Conference Paper
We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.
Conference Paper
Recently, the threat of Android malware is spreading rapidly, especially those repackaged Android malware. Although understanding Android malware using dynamic analysis can provide a comprehensive view, it is still subjected to high cost in environment deployment and manual efforts in investigation. In this study, we propose a static feature-based mechanism to provide a static analyst paradigm for detecting the Android malware. The mechanism considers the static information including permissions, deployment of components, Intent messages passing and API calls for characterizing the Android applications behavior. In order to recognize different intentions of Android malware, different kinds of clustering algorithms can be applied to enhance the malware modeling capability. Besides, we leverage the proposed mechanism and develop a system, called DroidMat. First, DroidMat extracts the information (e.g., requested permissions, Intent messages passing, etc.) from each application's manifest file, and regards components (Activity, Service, Receiver) as entry points drilling down for tracing API Calls related to permissions. Next, it applies K-means algorithm that enhances the malware modeling capability. The number of clusters is decided by Singular Value Decomposition (SVD) method on the low rank approximation. Finally, it uses kNN algorithm to classify the application as benign or malicious. The experiment result shows that the recall rate of our approach is better than that of a well-known tool, Androguard, published in Black Hat 2011, which focuses on Android malware analysis. In addition, DroidMat is efficient since it takes only half the time of Androguard to predict 1738 apps as benign apps or Android malware.
Article
We investigate the implications of the ubiquity of personal mobile devices and reveal new techniques for compromising the privacy of users typing on virtual keyboards. Specifically, we show that so-called compromising reflections (in, for example, a victim's sunglasses) of a device's screen are sufficient to enable automated reconstruction, from video, of text typed on a virtual keyboard. Through the use of advanced computer vision and machine learning techniques, we are able to operate under extremely realistic threat models, in real-world operating conditions, which are far beyond the range of more traditional OCR-based attacks. In particular, our system does not require expensive and bulky telescopic lenses: rather, we make use of off-the-shelf, handheld video cameras. In addition, we make no limiting assumptions about the motion of the phone or of the camera, nor the typing style of the user, and are able to reconstruct accurate transcripts of recorded input, even when using footage captured in challenging environments (e.g., on a moving bus). To further underscore the extent of this threat, our system is able to achieve accurate results even at very large distances: up to 61 m for direct surveillance, and 12 m for sunglass reflections. We believe these results highlight the importance of adjusting privacy expectations in response to emerging technologies.
Conference Paper
Today's smartphone application markets host an ever increasing number of applications. The sheer number of applications makes their review a daunting task. We propose AppsPlayground for Android, a framework that automates the analysis of smartphone applications. AppsPlayground integrates multiple components comprising different detection and automatic exploration techniques for this purpose. We evaluated the system using multiple large scale and small scale experiments involving real benign and malicious applications. Our evaluation shows that AppsPlayground is quite effective at automatically detecting privacy leaks and malicious functionality in applications.