Understanding Android Security
IEEE Security and Privacy
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Google Android: A Comprehensive Security Assessment
IEEE Security and Privacy
Malware Detection on Mobile Devices
MDM '10 Proceedings of the 2010 Eleventh International Conference on Mobile Data Management
Securing Android-Powered Mobile Devices Using SELinux
IEEE Security and Privacy
A Small But Non-negligible Flaw in the Android Permission Scheme
POLICY '10 Proceedings of the 2010 IEEE International Symposium on Policies for Distributed Systems and Networks
| Hi-index | 0.00 |
The majority of malware seen on Android has a top-down approach often targeting application programming interfaces (API) of the financially rewarding telephony and short message service (SMS). In this paper we present a proof of concept of compromising an Android based smartphone by targeting the underlying Linux kernel. We adopt an unorthodox bottom-up approach on modifying the operating system to allow an application to re-route the Android debug bridge (ADB) daemon onto a wireless link. We support our research using case scenarios to show how information can be extracted and inserted into the smartphone without the knowledge of the user. We discuss how the Android build environment can be changed to harness functionality from secured operations. We also discuss how an application can be designed to function with minimum resources, be hidden and perform operations without user consent or interaction. We also provide an overview of how a rooted Android operating system can be misused.