TY - GEN
T1 - Towards discovering and understanding task hijacking in android
AU - Ren, Chuangang
AU - Zhang, Yulong
AU - Xue, Hui
AU - Wei, Tao
AU - Liu, Peng
PY - 2015/1/1
Y1 - 2015/1/1
N2 - Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization. However, the security implication of Android multitasking remains under-investigated. With a systematic study of the complex tasks dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilizing the task hijacking attack surface to implement UI spoofing, denial-of-service and user monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities. We have collected and analyzed over 6.8 million apps from various Android markets. Our analysis shows that the task hijacking risk is prevalent. Since many apps depend on the current multitasking design, defeating task hijacking is not easy. We have notified the Android team about these issues and we discuss possible mitigation techniques in this paper.
AB - Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization. However, the security implication of Android multitasking remains under-investigated. With a systematic study of the complex tasks dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilizing the task hijacking attack surface to implement UI spoofing, denial-of-service and user monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities. We have collected and analyzed over 6.8 million apps from various Android markets. Our analysis shows that the task hijacking risk is prevalent. Since many apps depend on the current multitasking design, defeating task hijacking is not easy. We have notified the Android team about these issues and we discuss possible mitigation techniques in this paper.
UR - http://www.scopus.com/inward/record.url?scp=85030791452&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85030791452&partnerID=8YFLogxK
M3 - Conference contribution
T3 - Proceedings of the 24th USENIX Security Symposium
SP - 945
EP - 959
BT - Proceedings of the 24th USENIX Security Symposium
PB - USENIX Association
T2 - 24th USENIX Security Symposium
Y2 - 12 August 2015 through 14 August 2015
ER -