Graduate School and Research Center In communication systems

Analysis of the communication between colluding applications on modern smartphones

Marforio, Claudio; Ritzdorf, Hubert; Francillon, Aurélien; Capkun, Srdjan

ACSAC 2012, 28th Annual Computer Security Applications Conference, December 3-7, 2012, Orlando, Florida, USA

Modern smartphones that implement permission-based security mechanisms suffer from attacks by colluding applications. Users are not made aware of possible implications of application collusion attacks; quite the contrary, on existing platforms, users are implicitly led to believe that by approving the installation of each application independently, they can limit the damage that an application can cause. We implement and analyze a number of covert and overt communication channels that enable applications to collude and therefore indirectly escalate their permissions. Furthermore, we present and implement a covert channel between an installed application and a web page loaded in the system browser. We measure the throughput of all these channels as well as their bit-error rate and required synchronization for successful data transmission. The measured throughput of covert channels ranges from 3.7 bps to 3.27 kbps on a Nexus One phone and from 0.47 bps to 4.22 kbps on a Samsung Galaxy S phone; such throughputs are sufficient to efficiently exchange users' sensitive information (e.g., GPS coordinates or contacts). We test two popular research tools that track information flow or detect communication channels on mobile platforms, and confirm that even if they detect some channels, they still do not detect all the channels and therefore fail to fully prevent application collusion. Attacks using covert communication channels remain, therefore, a real threat to smartphone security and an open problem for the research community.

Type: Conference
Language: English
City: Orlando
Country: UNITED STATES
Department: Networking and Security
Eurecom ref: 3785
Copyright: © ACM, 2012. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACSAC 2012, 28th Annual Computer Security Applications Conference, December 3-7, 2012, Orlando, Florida, USA http://dx.doi.org/10.1145/2420950.2420958
Bibtex:
@inproceedings{EURECOM+3785,
  doi = {http://dx.doi.org/10.1145/2420950.2420958},
  year = {2012},
  title = {{A}nalysis of the communication between colluding applications on modern smartphones},
  author = {{M}arforio, {C}laudio and {R}itzdorf, {H}ubert and {F}rancillon, {A}ur{\'e}lien and {C}apkun, {S}rdjan},
  booktitle = {{ACSAC} 2012, 28th {A}nnual {C}omputer {S}ecurity {A}pplications {C}onference, {D}ecember 3-7, 2012, {O}rlando, {F}lorida, {USA}},
  address = {{O}rlando, {UNITED} {STATES}},
  month = {12},
  url = {http://www.eurecom.fr/publication/3785}
}