How your phone camera can be used to stealthily spy on you: Transplantation attacks against android camera service

Zhongwen Zhang, Peng Liu, Ji Xiang, Jiwu Jing, Lingguang Lei

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Scopus citations

Abstract

Based on the observations that spy-on-user attacks by call- ing Android APIs will be detected out by Android API auditing, we studied the possibility of a "transplantation attack", through which a malicious app can take privacy- harming pictures to spy on users without the Android API auditing being aware of it. Usually, to take a picture, apps need to call APIs of Android Camera Service which runs in mediaserver process. Transplantation attack is to transplant the picture taking code from mediaserver process to a mali- cious app process, and the malicious app can call this code to take a picture in its own address space without any IPC. As a result, the API auditing can be evaded. Our experiments confirm that transplantation attack indeed exists. Also, the transplantation attack makes the spy-on-user attack much more stealthy. The evaluation result shows that nearly a half of 69 smartphones (manufactured by 8 vendors) test- ed let the transplantation attack discovered by us succeed. Moreover, the attack can evade 7 Antivirus detectors, and Android Device Administration which is a set of APIs that can be used to carry out mobile device management in en- terprise environments. The transplantation attack inspires us to uncover a subtle design/implementation deficiency of the Android security.

Original languageEnglish (US)
Title of host publicationCODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery
Pages99-110
Number of pages12
ISBN (Electronic)9781450331913
DOIs
StatePublished - Mar 2 2015
Event5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 - San Antonio, United States
Duration: Mar 2 2015Mar 4 2015

Publication series

NameCODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Other

Other5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
Country/TerritoryUnited States
CitySan Antonio
Period3/2/153/4/15

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Software
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'How your phone camera can be used to stealthily spy on you: Transplantation attacks against android camera service'. Together they form a unique fingerprint.

Cite this