AuDroid: Preventing attacks on audio channels in mobile devices

Giuseppe Petracca, Yuqiong Sun, Trent Jaeger, Ahmad Atamli

Research output: Chapter in Book/Report/Conference proceedingConference contribution

32 Scopus citations

Abstract

Voice control is a popular way to operate mobile devices, enabling users to communicate requests to their devices. However, adversaries can leverage voice control to trick mobile devices into executing commands to leak secrets or to modify critical information. Contemporary mobile operating systems fail to prevent such attacks because they do not control access to the speaker at all and fail to control when untrusted apps may use the microphone, enabling authorized apps to create exploitable communication channels. In this paper, we propose a security mechanism that tracks the creation of audio communication channels explicitly and controls the information flows over these channels to prevent several types of attacks. We design and implement AuDroid, an extension to the SE Linux reference monitor integrated into the Android operating system for enforcing lattice security policies over the dynamically changing use of system audio resources. To enhance flexibility, when information flow errors are detected, the device owner, system apps and services are given the opportunity to resolve information flow errors using known methods, enabling AuDroid to run many configurations safely. We evaluate our approach on 17 widely-used apps that make extensive use of the microphone and speaker, finding that AuDroid prevents six types of attack scenarios on audio channels while permitting all 17 apps to run effectively. AuDroid shows that it is possible to prevent attacks using audio channels without compromising functionality or introducing significant performance overhead.

Original languageEnglish (US)
Title of host publicationProceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015
PublisherAssociation for Computing Machinery
Pages181-190
Number of pages10
ISBN (Electronic)9781450336826
DOIs
StatePublished - Dec 7 2015
Event31st Annual Computer Security Applications Conference, ACSAC 2015 - Los Angeles, United States
Duration: Dec 7 2015Dec 11 2015

Publication series

NameACM International Conference Proceeding Series
Volume7-11-December-2015

Other

Other31st Annual Computer Security Applications Conference, ACSAC 2015
Country/TerritoryUnited States
CityLos Angeles
Period12/7/1512/11/15

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'AuDroid: Preventing attacks on audio channels in mobile devices'. Together they form a unique fingerprint.

Cite this