
MALWARE ATTACKS ON THE ANDROID OPERATING SYSTEM

Sebastian Vasile 510290

Table of Contents
Introduction
Research Questions
Analysis
Conclusion
References

Introduction
In recent years smartphones have experienced incredible growth, both on the market and in popularity for day-to-day activities. People have started using smartphones for purposes such as web browsing, social networking, online banking, and more, replacing the less accessible desktop. Smartphones also provide functionalities that are unique to mobile phones, like SMS messaging, GPS data, and everywhere access (Asaf, Yuval, Uri, Yuval, & Shlomi, 2009). Multiple smartphone platforms are competing for dominance on these mobile devices. At present, Google's Android platform [1] has surpassed Symbian [2] and iOS [3] to become the most popular smartphone platform, being installed on more than half of all smartphones shipped (Michael, Yajin, Qiang, Shihong, & Xuxian, 2012).

Given their popularity and functionality, smartphones are an increasing target for malicious attacks that affect the user's privacy and confidential data (Michael, Yajin, Qiang, Shihong, & Xuxian, 2012). Smartphones are susceptible to a variety of attacks because they were designed to be open, programmable and linked with one another. An infected smartphone can cause severe damage to both users and the cellular service provider (Asaf, Yuval, Uri, Yuval, & Shlomi, 2009).

There are three types of threats: malware, grayware, and personal spyware (Adrienne, Matthew, Erika, Steven, & David, 2011). Malware on a smartphone can make the phone partially or fully unusable, cause unwanted billing, steal private information (possibly by phishing and social engineering methods) or infect every name in a user's phonebook. Grayware spies on users, but the companies that distribute grayware do not aim to harm users. Pieces of grayware provide real functionality and value to the users. Personal spyware collects data about the user, and can install certain applications on the device and send the user's personal information without informing them.
In this research paper the focus will be on malware attacks only, on the Android Operating System. Malware attacks were chosen as a topic of analysis due to their potential threat to the privacy of users of smartphones that use the Android Operating System. The paper will analyze how these attacks can be propagated and give a breakdown of how Android detects and prevents malware attacks. Lastly, the paper will examine areas where Android is vulnerable to these attacks and what actions should be taken in case one occurs.

[1] http://www.android.com/
[2] http://www.allaboutsymbian.com/
[3] http://www.apple.com/ios/

Research Questions
How can the Android Operating System prevent and detect malware attacks?
What mechanisms are integrated into Android to prevent malware attacks?
How can the Android System be exposed to malware attacks?
Which best practices can be used in order to prevent a malware attack?

Analysis
The analysis will start with an investigation of the Android Operating System and how it handles its applications. This is important in order to understand how the Android architecture is built and where its weaknesses are. Android is an application execution environment designed for mobile devices (smartphones, tablets etc.) that incorporates an operating system, an application framework and core applications. Applications are written in Java, based on the APIs provided by the Android Software Development Kit (SDK). The operating system is Linux-based, and because of that it is extremely flexible. Android uses Linux for its device drivers, memory management, process management, and networking (Asaf, Yuval, Uri, Yuval, & Shlomi, 2009).

Android is a multi-process system, where each application (and parts of the system) runs in its own process. Because each application functions independently, this creates a level of security: applications are not usually allowed to communicate with each other or with system core functions unless given permissions. Security between applications and the system is enforced at the process level through standard Linux facilities, such as user and group IDs assigned to applications. In addition, access control is provided through a permission mechanism that enforces restrictions on the specific operations that a particular application can perform.

Several security aspects and mechanisms are bundled by Google in the Android framework. With these security features implemented at the core level, Android can protect its users from most of the malware attacks that it comes across. Even so, like any system it has its own weak spots that attackers can exploit and take advantage of (Asaf, Yuval, Uri, Yuval, & Shlomi, 2009).

Next the research will focus on the areas where Android is vulnerable to malware attacks and on the means by which these attacks spread. One way of exploiting the Android System is by taking advantage of the open application market and users' lack of attention when installing an application. Android developers can directly place their applications on the Android Market, and there is no review of the applications before they arrive there. Android phones require applications to be signed, but they can be self-signed. So, Google uses these signatures for bookkeeping, not to control what code can run. Because of this, Android users can download apps from anywhere, not just the Android Market. Instead of using a top-down approach to malware prevention, Android uses crowdsourcing. Users rate and comment on apps, can see how many other users have downloaded an app, and can report malicious apps to Google. If enough users complain about an app, Google will remove it from the Market and can remotely remove it from devices (Charlie, 2011).

Another way of delivering a malware attack is through advertisements placed in legitimate applications that use ads as a means of monetization. The user can click on the advertisement, intentionally or by mistake, and at that point software or information can be retrieved from their phone.

Malware developers can also take advantage of the Android System lacking Address Space Layout Randomization (ASLR) or Data Execution Prevention (DEP) (Charlie, 2011). ASLR is a computer security technique involved in protection from buffer overflow attacks. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries, in a process's address space (Asaf, Yuval, Uri, Yuval, & Shlomi, 2009). DEP is a security feature included in modern operating systems: it prevents the content of a memory region identified as containing data, rather than executable instructions, from being executed as instructions by a program, service, device driver, etc. It is known to be available in Linux, Mac OS X, iOS and Microsoft Windows (Asaf, Yuval, Uri, Yuval, & Shlomi, 2009).

One more form of exploiting the Android System is through the SMS messaging system, using it to install a keyboard sniffing mechanism that can then be used to retrieve sensitive information from the user (Charlie, 2011). Attacks on smartphones can be propagated through the cellular network, SMS, Bluetooth, the Internet (by Wi-Fi, GPRS or 3G), storage devices, or through different applications installed on the device (Michael, Yajin, Qiang, Shihong, & Xuxian, 2012).

The last part of this analysis will be about how users can prevent malware attacks on their Android smartphones. The first measure that users should consider is to exercise caution when installing apps from outside the device's app store. This operation is referred to as sideloading. Sideloading is disabled by default for security reasons, but that does not stop users from activating it, which is why they should pay extra attention when doing so (Hoffman, 2013). Another measure that users can take is to avoid suspicious third-party app stores. Malware may also come from third-party app stores whose owners either don't inspect the apps in their store for malware or don't care that malware is being pushed through their store (Hoffman, 2013). Users should also take care when installing apps from Google Play. They shouldn't install suspicious-looking apps with bad reviews (or few reviews), apps that require too many permissions (like games with permission to send SMS messages), and other suspicious-looking apps (Hoffman, 2013). One other thing that Android smartphone owners should do is update their devices on a regular basis because, just as on other operating systems, security problems are occasionally found in the Android operating system and the devices using it (Hoffman, 2013).
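The advice about apps that require too many permissions can be turned into a simple review step. The following is an added example, not part of the original paper: it reads the permissions an app requests from its manifest and flags sensitive ones that do not fit the app's category. It assumes the manifest has already been decoded to text XML; the category policy in `EXPECTED`, the function names and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive permissions and the risk each one maps to (illustrative selection).
SENSITIVE = {
    "android.permission.SEND_SMS": "unwanted billing via SMS",
    "android.permission.CALL_PHONE": "unwanted billing via calls",
    "android.permission.READ_SMS": "access to private messages",
    "android.permission.READ_CONTACTS": "access to the phonebook",
    "android.permission.ACCESS_FINE_LOCATION": "access to GPS data",
}

# Hypothetical policy: sensitive permissions an app category plausibly needs.
EXPECTED = {
    "game": set(),
    "messaging": {"android.permission.SEND_SMS",
                  "android.permission.READ_SMS",
                  "android.permission.READ_CONTACTS"},
    "navigation": {"android.permission.ACCESS_FINE_LOCATION"},
}

def requested_permissions(manifest_xml: str) -> list:
    """Return every permission named in a <uses-permission> element."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return [n for n in names if n]

def review(manifest_xml: str, category: str) -> list:
    """List (permission, risk) pairs that are sensitive and unexpected for the category."""
    allowed = EXPECTED.get(category, set())   # unknown category: nothing is expected
    return [(p, SENSITIVE[p]) for p in requested_permissions(manifest_xml)
            if p in SENSITIVE and p not in allowed]

# Constructed sample: a puzzle game that asks for SMS and contacts access.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Puzzle"/>
</manifest>
"""

if __name__ == "__main__":
    for perm, risk in review(SAMPLE_MANIFEST, "game"):
        print(f"unexpected for a game: {perm} ({risk})")
```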

Conclusion
The Android Operating System comes with many built-in security measures that prevent malware attacks from being successful. It is designed so that each application runs separately from the rest of the system, and communication with core functions is only done through the use of permissions. But even with this level of security, the system has its own weaknesses that attackers will not hesitate to exploit. Malware attacks can come through the application market in the form of user-installed applications that retrieve personal data, through SMS messaging and keyboard sniffing, or through advertisements in legitimate applications that the user accesses. All in all, with this information about malware attacks and the ways they circulate, users can be more aware of the software that they install and the permissions that they give to applications, in order to protect their sensitive personal information.

References
Adrienne, P. F., Matthew, F., Erika, C., Steven, H., & David, W. (2011). A Survey of Mobile Malware in the Wild. SPSM '11 Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 3-14.

Asaf, S., Yuval, F., Uri, K., Yuval, E., & Shlomi, D. (2009, December 27). Google Android: A State-of-the-Art Review of Security. Retrieved from http://arxiv.org/: ftp/arxiv/papers/0912/0912.5101.pdf

Aubrey-Derrick, S., Hans-Gunther, S., Leonid, B., Jan, C. H., Seyit, C. A., & Sahin, A. (2009). Smartphone Malware Evolution Revisited: Android Next Target? Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on, 1-7.

Charlie, M. (2011). Mobile Attacks and Defense. Security & Privacy, IEEE (Volume: 9, Issue: 4), 68-70.

Hoffman, C. (2013, March 18). How to Avoid Android Malware and Other Android Security Threats. Retrieved from How-To Geek: http://www.howtogeek.com/140900/how-to-avoid-androidmalware-and-other-android-security-threats/

Michael, G., Yajin, Z., Qiang, Z., Shihong, Z., & Xuxian, J. (2012). RiskRanker: Scalable and Accurate Zeroday Android. MobiSys '12 Proceedings of the 10th international conference on Mobile systems, applications, and services, 281-294.
