System-level attacks against android by exploiting asynchronous programming

Ting Chen, Xiaoqi Li, Xiapu Luo, Xiaosong Zhang

Research output: Journal article publicationJournal articleAcademic researchpeer-review

3 Citations (Scopus)

Abstract

In this work, we conduct a systematic study on IntentService, one of the async constructs provided by Android using static program analysis, and find that in Android 6, 974 intents can be sent by third-party applications without protection. Based on this observation, we develop a tool, ATUIN, to demonstrate the feasibility of attacking a CPU automatically by exploiting the intents that can be handled by an Android system. Furthermore, by investigating the unprotected intents, we discover tens of critical vulnerabilities that have not been reported before, including Wi-Fi DoS, telephone signal blocking, SIM card removal, homescreen hiding, and NFC state cheating. Our study sheds light on research into protecting asynchronous programming from being exploited by hackers.
Original languageEnglish
Pages (from-to)1-26
Number of pages26
JournalSoftware Quality Journal
DOIs
Publication statusAccepted/In press - 31 May 2017

Keywords

  • Android
  • Asynchronous programming
  • Homescreen hiding
  • IntentService
  • NFC state cheating
  • SIM card removal
  • System-level attacks
  • Telephone signal block
  • Wi-Fi DoS

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality

Cite this