• DocumentCode
    2130872
  • Title

    Hiding Privacy Leaks in Android Applications Using Low-Attention Raising Covert Channels

  • Author

    Lalande, Jean-Francois ; Wendzel, Steffen

  • Author_Institution
    ENSI de Bourges, Univ. Orleans, Bourges, France
  • fYear
    2013
  • fDate
    2-6 Sept. 2013
  • Firstpage
    701
  • Lastpage
    710
  • Abstract
    Covert channels enable a policy-breaking communication not foreseen by a system´s design. Recently, covert channels in Android were presented and it was shown that these channels can be used by malware to leak confidential information (e.g., contacts) between applications and to the Internet. Performance aspects as well as means to counter these covert channels were evaluated. In this paper, we present novel covert channel techniques linked to a minimized footprint to achieve a high covertness. Therefore, we developed a malware that slowly leaks collected private information and sends it synchronously based on four covert channel techniques. We show that some of our covert channels do not require any extra permission and escape well know detection techniques like TaintDroid. Experimental results confirm that the obtained throughput is correlated to the user interaction and show that these new covert channels have a low energy consumption - both aspects contribute to the stealthiness of the channels. Finally, we discuss concepts for novel means capable to counter our covert channels and we also discuss the adaption of network covert channel features to Android-based covert channels.
  • Keywords
    Internet; data privacy; energy consumption; human computer interaction; invasive software; operating systems (computers); Android applications; Android-based covert channels; Internet; channel stealthiness; confidential information leak; energy consumption; malware; network covert channel; policy-breaking communication; privacy leaks; user interaction; Androids; Humanoid robots; Malware; Operating systems; Privacy; Receivers; Smart phones; Android; Covert Channels; Information Hiding; Privacy; Smartphone Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
  • Conference_Location
    Regensburg
  • Type

    conf

  • DOI
    10.1109/ARES.2013.92
  • Filename
    6657308