In this paper, we study some messaging design decisions that resulted in a set of vulnerabilities in the Android operating system, and we demonstrate how a malware application can be built to abuse these vulnerabilities. The application presents itself as a regular SMS messaging application and uses its basic permissions to send/receive short messages. Since many operators worldwide provide services that allow users to transfer credits/units through SMS, the application abuses this service to transfer credits from users illegally. The "permission" subsystem, the "broadcast receiver" subsystem, and the message-sending mechanism together form a haven for SMS malware by granting it absolute control over sending, receiving, and hiding SMS messages. Accordingly, the malicious application hides any acknowledgments from the telecom operator that might appear after a credit transfer transaction. This enables malware to drain the balance of the attacked user and has the potential to cause damage to a large number of users as well as telecom operators. The application was demonstrated on a local operator, and it successfully passed standard screening procedures that claim to catch malware. A set of possible solutions is also presented in order to mitigate the risks of such attacks.