Presented at
DeepSec 2017 „Science First!“,
Unknown date/time
(Unknown duration).
Marshmallow was a significant revision for Android. Among the new fea-
tures that were introduced one of the most significant is without any doubt the
runtime permissions. The permission model was totally redesigned categorising
the permissions into four main categories. The main concept of this categorisa-
tion is to how much risk a user is exposed to when permissions are granted. Normal permissions imply the least risk for the user. However, there are some
important issues in this case. Firstly, these permissions are not actually dis-
played to the user; they are not displayed upon installation and the user needs
to dig into several menus to find them for each app. Most importantly though,
these permissions cannot be revoked. Unlike dangerous permissions, where the
user can grant or revoke a permission whenever deemed necessary, the normal
persmissions are automatically granted and cannot be revoked, unless the user
uninstalls the app that uses them. The research question that arises from this
change is whether the apps that request only normal permissions are benign.
Note that an app requesting only normal permissions will never request any
alerting action from the user, hence the user is more probable to install it and
not worry about it. Furthermore, since these persmissions are automatically
granted, this means that any malicious action that could be made with such
permissions can be ported to any installed app as they will not require any user
interaction.
Our extensive experiments have shown that apps based only on the normal
permissions are far from being considered benign as they can exploit many na-
tive Android mechanisms to perform many malicious actions. More precisely, we
present many methods which exploit the capabilities of user interface, voice as-
sistants and intents in Android that lead to serious security issues. An overview
of where these actions can be applied will be illustrated, indicating where
Nougat is still vulnerable. The attacks which will be presented have already been disclosed to Google and Microsoft, and in some of these cases the appropriate patches have been made.
Presenters:
-
Constantinos Patsakis
- University of Piraeus
Assistant Professor Constantinos Patsakis (male) holds a B.Sc. in Mathematics from the University of Athens, Greece and a M.Sc. in Information Security from Royal Holloway, University of London. He obtained his PhD in Cryptography and Malware from the Department of Informatics of University of Piraeus. His main areas of research include cryptography, security, privacy, data anonymization and malware analysis.
He is the author of more than 70 publications in peer reviewed international conference proceedings and journals and has been teaching computer science courses at European universities for more than a decade. Dr Patsakis has been working in the industry as a freelance developer and security consultant. He has participated in several national (Greek, Spanish, Catalan and Irish) and European R&D projects. Additionally, he has worked as researcher at the UNESCO Chair in Data Privacy at the Rovira i Virgili University (URV) of Tarragona, Catalonia, Spain and as a research fellow at Trinity College, Dublin Ireland.
Links:
Similar Presentations: