How your phone camera can be used to stealthily spy on you: Transplantation attacks against android camera service

Zhongwen Zhang, Peng Liu, Ji Xiang, Jiwu Jing, Lingguang Lei

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Scopus citations

Abstract

Based on the observations that spy-on-user attacks by calling Android APIs will be detected out by Android API auditing, we studied the possibility of a "transplantation attack", through which a malicious app can take privacy-harming pictures to spy on users without the Android API auditing being aware of it. Usually, to take a picture, apps need to call APIs of Android Camera Service which runs in mediaserver process. Transplantation attack is to transplant the picture taking code from mediaserver process to a malicious app process, and the malicious app can call this code to take a picture in its own address space without any IPC. As a result, the API auditing can be evaded. Our experiments confirm that transplantation attack indeed exists. Also, the transplantation attack makes the spy-on-user attack much more stealthy. The evaluation result shows that nearly a half of 69 smartphones (manufactured by 8 vendors) tested let the transplantation attack discovered by us succeed. Moreover, the attack can evade 7 Antivirus detectors, and Android Device Administration which is a set of APIs that can be used to carry out mobile device management in enterprise environments. The transplantation attack inspires us to uncover a subtle design/implementation deficiency of the Android security.

Original language: English (US)
Title of host publication: CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery, Inc
Pages: 99-110
Number of pages: 12
ISBN (Electronic): 9781450331913
State: Published - Mar 2 2015
Event: 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 - San Antonio, United States
Duration: Mar 2 2015 - Mar 4 2015

Publication series

Name: CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Other

Other: 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
Country: United States
City: San Antonio
Period: 3/2/15 - 3/4/15

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Software
  • Computer Science Applications
