Towards an Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computing Devices
PERCOMW '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops
Exploiting open functionality in SMS-capable cellular networks
Proceedings of the 12th ACM conference on Computer and communications security
Measuring integrity on mobile phone systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Detecting energy-greedy anomalies and mobile malware variants
Proceedings of the 6th international conference on Mobile systems, applications, and services
Cloaker: Hardware Supported Rootkit Concealment
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Mitigating attacks on open functionality in SMS-capable cellular networks
IEEE/ACM Transactions on Networking (TON)
Stealthy video capturer: a new video-based spyware in 3G smartphones
Proceedings of the second ACM conference on Wireless network security
VirusMeter: Preventing Your Cellphone from Spies
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Rootkits on smart phones: attacks, implications and opportunities
Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications
Effects of Wi-Fi and Bluetooth Battery Exhaustion Attacks on Mobile Devices
HICSS '10 Proceedings of the 2010 43rd Hawaii International Conference on System Sciences
Google Android: A Comprehensive Security Assessment
IEEE Security and Privacy
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Trustworthy execution on mobile devices: what security properties can my mobile platform give me?
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Read it twice! a mass-storage-based TOCTTOU attack
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Exposing security risks for commercial mobile devices
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
An anomaly based approach for HID attack detection using keystroke dynamics
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Threat modeling of a mobile device management system for secure smart work
Electronic Commerce Research
| Hi-index | 0.00 |
The Universal Serial Bus (USB) connection has become the de-facto standard for both charging and data transfers for smart phone devices including Google's Android and Apple's iPhone. To further enhance their functionality, smart phones are equipped with programmable USB hardware and open source operating systems that empower them to alter the default behavior of the end-to-end USB communications. Unfortunately, these new capabilities coupled with the inherent trust that users place on the USB physical connectivity and the lack of any protection mechanisms render USB a insecure link, prone to exploitation. To demonstrate this new avenue of exploitation, we introduce novel attack strategies that exploit the functional capabilities of the USB physical link. In addition, we detail how a sophisticated adversary who has under his control one of the connected devices can subvert the other. This includes attacks where a compromised smart phone poses as a Human Interface Device (HID) and sends keystrokes in order to control the victim host. Moreover, we explain how to boot a smart phone device into USB host mode and take over another phone using a specially crafted cable. Finally, we point out the underlying reasons behind USB exploits and propose potential defense mechanisms that would limit or even prevent such USB borne attacks.