http://dx.doi.org/10.13089/JKIISC.2014.24.6.1175

Study on Security Vulnerabilities of Implicit Intents in Android  

Jo, Min Jae (Sejong University)
Shin, Ji Sun (Sejong University)
Abstract
Android provides a message-passing mechanism called the intent. While it simplifies the development of communication within and between applications, it can be vulnerable to attacks. In particular, an implicit intent, unlike an explicit intent, which specifies the receiving component, does not specify the component that receives the message, and insecure use of implicit intents may allow malicious applications to intercept or forge intents. In this paper, we focus on the security vulnerabilities of implicit intents and review previously studied attacks and solutions. For implicit intents using a 'developer-created action', specific attacks and solutions have been published. However, for implicit intents using an 'Android standard action', no specific attack has been found, and the case has been less studied. In this paper, we present a new attack on implicit intents using an Android standard action and propose solutions to protect smartphones from this attack.
Keywords
Android; Intent Vulnerability; Implicit Intent; Smart Phone Security;
Citations & Related Records
Times Cited By KSCI: 2