Breaking and fixing the Android Launching Flow

The security model of the Android OS is based on the effective combination of a number of well-known security mechanisms (e.g. statically defined permissions for applications, the isolation offered by the Dalvik Virtual Machine, and the well-known Linux discretionary access control model). Although each security mechanism has been extensively tested and proved to be effective in isolation, their combination may suffer from unexpected security flaws. We show that this is actually the case by presenting a severe vulnerability in Android related to the application launching flow. This vulnerability is based on a security flaw affecting a kernel-level socket (namely, the Zygote socket). We also present an exploit of the vulnerability that allows a malicious application to mount a severe Denial-of-Service attack that renders Android devices totally unresponsive. Besides explaining the vulnerability (which affects all versions of Android up to version 4.0.3), we propose two fixes. One of the two fixes has been adopted in the official release of Android, starting with version 4.1. We empirically assess the impact of the vulnerability, as well as the efficacy of the countermeasures, on the end user. We conclude by extending our security analysis to the whole set of sockets, showing that other sockets do not suffer from the same vulnerability as the Zygote one.
