“The Sneaky Music Player”- Analysis of Android Application Security Threats and Countermeasures.
Ravindra, Bellur (2016-12-14)
This article/publication has not been stored in UTUPub. The publication's details may, however, contain a link to an article/publication stored elsewhere.
Turun yliopisto
Description
Transferred from Doria
Abstract
Since its advent, Android has been a target for hackers due to its popularity, the ease of application development and the limited security awareness of its users. One reason for this lack of security awareness among Android users is negligence in comprehending the permissions given to an application. On a rooted device this negligence can be devastating, as an application with root privileges can access sensitive information present on the device. This calls for creating awareness among users by demonstrating the exploitation of user permissions.
The main focus of this thesis is to exhibit the security implications when an application exploits the SuperUser (su) permissions granted by the user. The exploitation of user permissions is demonstrated by developing a music player application, Sneaky Music Player (SMP), with root permissions. To present the main contribution thoroughly, the thesis also provides an overview of Android and Android app development. In the foreground SMP acts as a normal music player, but in the background it compromises the user's private information, such as Wi-Fi credentials present on the device. Once obtained, the Wi-Fi credentials are stored in an online database for MITM, session hijacking, eavesdropping and targeted attacks.
The covertness of SMP is measured by testing it against popular antivirus applications such as ESET, Lookout, McAfee, Kaspersky and AVG. The test results showed that SMP was effective in not being detected as a malicious application. Additionally, the data sent from SMP is collected and analyzed with tools like Fiddler and SSL Packet capture, and the corresponding results are presented. Finally, to avoid such privacy violations and to create awareness among users in evaluating permissions, several countermeasures (file encryption, enhancing SELinux policies, permission evaluation) are proposed.