| Publikationstyp: | Konferenz: Sonstiges |
| Art der Begutachtung: | Peer review (Abstract) |
| Titel: | Simple spyware : Androids invisible foreground services and how to (ab)use them |
| Autor/-in: | Sutter, Thomas Tellenbach, Bernhard |
| et. al: | No |
| Angaben zur Konferenz: | Black Hat Europe, London, 2.-5. Dezemeber 2019 |
| Erscheinungsdatum: | 5-Dez-2019 |
| Sprache: | Englisch |
| Schlagwörter: | Android Oreo; Android Pie; Android10; Mobile Security; Security; Spyware; Malware; Foreground |
| Fachgebiet (DDC): | 005: Computerprogrammierung, Programme und Daten |
| Zusammenfassung: | With the releases of Android Oreo and Pie, Google introduced some background execution limits for Android apps [1],[2]. In order to save battery life and prevent sensor access, apps were restricted in how they were capable of executing background services. Apps were no longer allowed to run background services in idle state and therefore preventing apps from using the devices resources like the camera. These limitations however, would not affect so-called foreground services, because foreground services show a permanently visible notification to the user and could therefore be stopped by the user at any time. Our research found out that a flaw in the API exists, which allows to start invisible foreground services, making the introduced limitations useless. Foreground services do not show any visual notification when the execution time of the service is shorter than five seconds. Using this and combining it with another flaw in Androids Job Scheduler API allows to constantly execute arbitrary tasks from a background context. This allows apps to use the resources of the device, even when the app is closed, or the device is in stand-by. Furthermore, we can prove that these flaws can be abused for constantly spying on the user and allowing malware developers to create spyware without the need of complicated exploitation. This simple to implement spyware shows that Androids permission model can't prevent an excessive use of permissions and that the limitations do not prevent the collection of the user's sensitive data. In order to prevent such attacks, it would be necessary to constantly monitor the apps permission usage or to revoke the permissions after every use. Such prevention mechanisms already exist but aren't widely used, which sets the users privacy and security at risk. We will show what users can do in order to guard themselves against such spyware attacks. Furthermore, we will introduce our solution ideas to detect such spyware on Android. [1]: Googles Android Oreo Release Notes: https://developer.android.com/about/versions/oreo/background [2]: Googles Android Pie Release Notes: https://developer.android.com/about/versions/pie/android-9.0-changes-all |
| URI: | https://digitalcollection.zhaw.ch/handle/11475/19516 |
| Volltext Version: | Publizierte Version |
| Lizenz (gemäss Verlagsvertrag): | Keine Angabe |
| Departement: | School of Engineering |
| Organisationseinheit: | Institut für Informatik (InIT) |
| Enthalten in den Sammlungen: | Publikationen School of Engineering |
Dateien zu dieser Ressource:
Es gibt keine Dateien zu dieser Ressource.
Zur Langanzeige
Sutter, T., & Tellenbach, B. (2019, December 5). Simple spyware : Androids invisible foreground services and how to (ab)use them. Black Hat Europe, London, 2.-5. Dezemeber 2019.
Sutter, T. and Tellenbach, B. (2019) ‘Simple spyware : Androids invisible foreground services and how to (ab)use them’, in Black Hat Europe, London, 2.-5. Dezemeber 2019.
T. Sutter and B. Tellenbach, “Simple spyware : Androids invisible foreground services and how to (ab)use them,” in Black Hat Europe, London, 2.-5. Dezemeber 2019, Dec. 2019.
SUTTER, Thomas und Bernhard TELLENBACH, 2019. Simple spyware : Androids invisible foreground services and how to (ab)use them. In: Black Hat Europe, London, 2.-5. Dezemeber 2019. Conference presentation. 5 Dezember 2019
Sutter, Thomas, and Bernhard Tellenbach. 2019. “Simple Spyware : Androids Invisible Foreground Services and How to (Ab)use Them.” Conference presentation. In Black Hat Europe, London, 2.-5. Dezemeber 2019.
Sutter, Thomas, and Bernhard Tellenbach. “Simple Spyware : Androids Invisible Foreground Services and How to (Ab)use Them.” Black Hat Europe, London, 2.-5. Dezemeber 2019, 2019.
Alle Ressourcen in diesem Repository sind urheberrechtlich geschützt, soweit nicht anderweitig angezeigt.