Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Paranoid Android: versatile protection for smartphones
Proceedings of the 26th Annual Computer Security Applications Conference
All your droid are belong to us: a survey of current android attacks
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
| Hi-index | 0.00 |
This paper presents a novel denial-of-service attack targeted at popular smartphones. This type of attack, which we call a Denial-of-Convenience DoC attack, prevents non-technical savvy victims from utilising data services by exploiting the Wi-Fi connectivity protocol of smartphones. By setting up a fake Wi-Fi access point without internet access, an attacker can prompt a smartphone to automatically terminate a valid mobile broadband connection. Thus, preventing the targeted smartphone from having internet access unless the victim is capable of identifying the attack and manually disable the Wi-Fi features. We demonstrate that most popular smartphones, including Android and iPhone phones, are vulnerable to DoC attacks. To address this attack we propose, implement, and evaluate a novel validation protocol that uses the cellular network to send a secret key phrase to an internet validation server. Then, attempts to retrieve it via the newly established Wi-Fi channel to validate the Wi-Fi access point.