A new sensors-based covert channel on android

Ahmed Al-Haiqi, Mahamod Ismail, Rosdiadee Nordin

Research output: Contribution to journalArticle

19 Citations (Scopus)

Abstract

Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

Original languageEnglish
Pages (from-to)969628
Number of pages1
JournalTheScientificWorldJournal
Volume2014
DOIs
Publication statusPublished - 2014

Fingerprint

Vibration
sensor
Sensors
vibration
Equipment and Supplies
accelerometer
Smartphones
Accelerometers
Throughput
communication
Communication
resource
Smartphone
permission
Malware

ASJC Scopus subject areas

  • Medicine(all)

Cite this

A new sensors-based covert channel on android. / Al-Haiqi, Ahmed; Ismail, Mahamod; Nordin, Rosdiadee.

In: TheScientificWorldJournal, Vol. 2014, 2014, p. 969628.

Research output: Contribution to journalArticle

Al-Haiqi, Ahmed ; Ismail, Mahamod ; Nordin, Rosdiadee. / A new sensors-based covert channel on android. In: TheScientificWorldJournal. 2014 ; Vol. 2014. pp. 969628.
@article{79ecd0cee24e4a87b990f77f3b78c78a,
title = "A new sensors-based covert channel on android",
abstract = "Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.",
author = "Ahmed Al-Haiqi and Mahamod Ismail and Rosdiadee Nordin",
year = "2014",
doi = "10.1155/2014/969628",
language = "English",
volume = "2014",
pages = "969628",
journal = "Scientific World Journal",
issn = "2356-6140",
publisher = "Hindawi Publishing Corporation",

}

TY - JOUR

T1 - A new sensors-based covert channel on android

AU - Al-Haiqi, Ahmed

AU - Ismail, Mahamod

AU - Nordin, Rosdiadee

PY - 2014

Y1 - 2014

N2 - Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

AB - Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

UR - http://www.scopus.com/inward/record.url?scp=84931417290&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84931417290&partnerID=8YFLogxK

U2 - 10.1155/2014/969628

DO - 10.1155/2014/969628

M3 - Article

C2 - 25295311

AN - SCOPUS:84931417290

VL - 2014

SP - 969628

JO - Scientific World Journal

JF - Scientific World Journal

SN - 2356-6140

ER -