A New Sensors-Based Covert Channel on Android

Ahmed Mubarak Ahmed Al-Haiqi, Mahamod Ismail, Rosdiadee Nordin

Research output: Contribution to journalArticle

17 Citations (Scopus)

Abstract

Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

Original languageEnglish
Article number969628
JournalScientific World Journal
Volume2014
DOIs
Publication statusPublished - 01 Jan 2014

Fingerprint

Vibration
sensor
Sensors
vibration
Equipment and Supplies
accelerometer
Smartphones
Accelerometers
Throughput
communication
Communication
resource
Smartphone
permission
Malware

All Science Journal Classification (ASJC) codes

  • Biochemistry, Genetics and Molecular Biology(all)
  • Environmental Science(all)

Cite this

Ahmed Al-Haiqi, Ahmed Mubarak ; Ismail, Mahamod ; Nordin, Rosdiadee. / A New Sensors-Based Covert Channel on Android. In: Scientific World Journal. 2014 ; Vol. 2014.
@article{e4e53d058f3240ec8ebc9d1f008cdb99,
title = "A New Sensors-Based Covert Channel on Android",
abstract = "Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.",
author = "{Ahmed Al-Haiqi}, {Ahmed Mubarak} and Mahamod Ismail and Rosdiadee Nordin",
year = "2014",
month = "1",
day = "1",
doi = "10.1155/2014/969628",
language = "English",
volume = "2014",
journal = "The Scientific World Journal",
issn = "2356-6140",
publisher = "Hindawi Publishing Corporation",

}

A New Sensors-Based Covert Channel on Android. / Ahmed Al-Haiqi, Ahmed Mubarak; Ismail, Mahamod; Nordin, Rosdiadee.

In: Scientific World Journal, Vol. 2014, 969628, 01.01.2014.

Research output: Contribution to journalArticle

TY - JOUR

T1 - A New Sensors-Based Covert Channel on Android

AU - Ahmed Al-Haiqi, Ahmed Mubarak

AU - Ismail, Mahamod

AU - Nordin, Rosdiadee

PY - 2014/1/1

Y1 - 2014/1/1

N2 - Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

AB - Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

UR - http://www.scopus.com/inward/record.url?scp=84931417290&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84931417290&partnerID=8YFLogxK

U2 - 10.1155/2014/969628

DO - 10.1155/2014/969628

M3 - Article

C2 - 25295311

AN - SCOPUS:84931417290

VL - 2014

JO - The Scientific World Journal

JF - The Scientific World Journal

SN - 2356-6140

M1 - 969628

ER -