AuDroid: Preventing Attacks on Audio Channels in Mobile Devices

04/01/2016
by   Giuseppe Petracca, et al.
0

Voice control is a popular way to operate mobile devices, enabling users to communicate requests to their devices. However, adversaries can leverage voice control to trick mobile devices into executing commands to leak secrets or to modify critical information. Contemporary mobile operating systems fail to prevent such attacks because they do not control access to the speaker at all and fail to control when untrusted apps may use the microphone, enabling authorized apps to create exploitable communication channels. In this paper, we propose a security mechanism that tracks the creation of audio communication channels explicitly and controls the information flows over these channels to prevent several types of attacks.We design and implement AuDroid, an extension to the SELinux reference monitor integrated into the Android operating system for enforcing lattice security policies over the dynamically changing use of system audio resources. To enhance flexibility, when information flow errors are detected, the device owner, system apps and services are given the opportunity to resolve information flow errors using known methods, enabling AuDroid to run many configurations safely. We evaluate our approach on 17 widely-used apps that make extensive use of the microphone and speaker, finding that AuDroid prevents six types of attack scenarios on audio channels while permitting all 17 apps to run effectively. AuDroid shows that it is possible to prevent attacks using audio channels without compromising functionality or introducing significant performance overhead.

READ FULL TEXT
research
04/07/2016

Aware: Controlling App Access to I/O Devices on Mobile Platforms

Smartphones' cameras, microphones, and device displays enable users to c...
research
04/20/2021

The Emperor's New Autofill Framework: A Security Analysis of Autofill on iOS and Android

Password managers help users more effectively manage their passwords, en...
research
06/28/2021

Doing good by fighting fraud: Ethical anti-fraud systems for mobile payments

App builders commonly use security challenges, a form of step-up authent...
research
12/14/2020

Back in control – An extensible middle-box on your phone

The closed design of mobile devices – with the increased security and co...
research
07/23/2023

Adversarial Agents For Attacking Inaudible Voice Activated Devices

The paper applies reinforcement learning to novel Internet of Thing conf...
research
08/08/2020

PolyScope: Multi-Policy Access Control Analysis to Triage Android Systems

Android filesystem access control provides a foundation for Android syst...

Please sign up or login with your details

Forgot password? Click here to reset