About | Contact Us | Register | Login
ProceedingsSeriesJournalsSearchEAI
International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I

Research Article

Function Escalation Attack

Download(Requires a free EAI acccount)
680 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-319-23829-6_33,
        author={Chen Cao and Yuqing Zhang and Qixu Liu and Kai Wang},
        title={Function Escalation Attack},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
        proceedings_a={SECURECOMM},
        year={2015},
        month={11},
        keywords={Android security Dynamic code loading Function escalation attack Vulnerability},
        doi={10.1007/978-3-319-23829-6_33}
    }
    
  • Chen Cao
    Yuqing Zhang
    Qixu Liu
    Kai Wang
    Year: 2015
    Function Escalation Attack
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23829-6_33
Chen Cao1,*, Yuqing Zhang1,*, Qixu Liu1,*, Kai Wang1,*
  • 1: University of Chinese Academy of Sciences
*Contact email: caochen11@mails.ucas.ac.cn, zhangyq@ucas.ac.cn, liuqixu@ucas.ac.cn, wangkai212@mails.ucas.ac.cn

Abstract

The prevalence of smartphone makes it more important in people’s business and personal life which also helps it to be a target of the malware. In this paper, we introduce a new kind of attack called Function Escalation Attack which obtains functions locally or remotely. We present three threat models: Steganography, Collusion Attack and Code Abusing. A vulnerability in Android filesystem which is used in code abusing threat model is exposed as well. Three proof-of-concept malicious apps are implemented for each threat model. They could bypass static analysis and dynamic analysis. The result shows that function escalation attack could successfully perform malicious tasks such as taking pictures, recording audio and so on.

Keywords
Android security Dynamic code loading Function escalation attack Vulnerability
Published
2015-11-23
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-319-23829-6_33
Copyright © 2014–2025 ICST
EBSCOProQuestDBLPDOAJPortico
EAI Logo

About EAI

  • Who We Are
  • Leadership
  • Research Areas
  • Partners
  • Media Center

Community

  • Membership
  • Conference
  • Recognition
  • Sponsor Us

Publish with EAI

  • Publishing
  • Journals
  • Proceedings
  • Books
  • EUDL