Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications

2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date : 2017-04-26 DOI:10.1109/EuroSP.2017.44

Yunhan Jia, Qi Alfred Chen, Yikai Lin, Chao Kong, Z. Morley Mao

{"title":"Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications","authors":"Yunhan Jia, Qi Alfred Chen, Yikai Lin, Chao Kong, Z. Morley Mao","doi":"10.1109/EuroSP.2017.44","DOIUrl":null,"url":null,"abstract":"Open ports are typically used by server software to serve remote clients, and the usage historically leads to remote exploitation due to insufficient protection. Smartphone operating systems inherit the open port support, but since they are significantly different from traditional server machines in performance and availability guarantees, little is known about how smartphone applications use open ports and what the security implications are. In this paper, we perform the first systematic study of open port usage on mobile platform and their security implications. To achieve this goal, we design and implement OPAnalyzer, a static analysis tool which can effectively identify and characterize vulnerable open port usage in Android applications. Using OPAnalyzer, we perform extensive usage and vulnerability analysis on a dataset with over 100K Android applications. OPAnalyzer successfully classifies 99% of the mobile usage of open ports into 5 distinct families, and from the output, we are able to identify several mobile-specific usage scenarios such as data sharing in physical proximity. In our subsequent vulnerability analysis, we find that nearly half of the usage is unprotected and can be directly exploited remotely. From the identified vulnerable usage, we discover 410 vulnerable applications with 956 potential exploits in total. We manually confirmed the vulnerabilities for 57 applications, including popular ones with 10 to 50 million downloads on the official market, and also an app that is pre-installed on some device models. These vulnerabilities can be exploited to cause highly-severe damage such as remotely stealing contacts, photos, and even security credentials, and also performing sensitive actions such as malware installation and malicious code execution. We have reported these vulnerabilities and already got acknowledged by the application developers for some of them. We also propose countermeasures and improved practices for each usage scenario.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSP.2017.44","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

Abstract

Open ports are typically used by server software to serve remote clients, and the usage historically leads to remote exploitation due to insufficient protection. Smartphone operating systems inherit the open port support, but since they are significantly different from traditional server machines in performance and availability guarantees, little is known about how smartphone applications use open ports and what the security implications are. In this paper, we perform the first systematic study of open port usage on mobile platform and their security implications. To achieve this goal, we design and implement OPAnalyzer, a static analysis tool which can effectively identify and characterize vulnerable open port usage in Android applications. Using OPAnalyzer, we perform extensive usage and vulnerability analysis on a dataset with over 100K Android applications. OPAnalyzer successfully classifies 99% of the mobile usage of open ports into 5 distinct families, and from the output, we are able to identify several mobile-specific usage scenarios such as data sharing in physical proximity. In our subsequent vulnerability analysis, we find that nearly half of the usage is unprotected and can be directly exploited remotely. From the identified vulnerable usage, we discover 410 vulnerable applications with 956 potential exploits in total. We manually confirmed the vulnerabilities for 57 applications, including popular ones with 10 to 50 million downloads on the official market, and also an app that is pre-installed on some device models. These vulnerabilities can be exploited to cause highly-severe damage such as remotely stealing contacts, photos, and even security credentials, and also performing sensitive actions such as malware installation and malicious code execution. We have reported these vulnerabilities and already got acknowledged by the application developers for some of them. We also propose countermeasures and improved practices for each usage scenario.

查看原文本刊更多论文

为Bob和Mallory打开大门:Android应用程序中的开放端口使用和安全含义

开放端口通常由服务器软件用于服务远程客户端，由于保护不足，这种使用通常会导致远程利用。智能手机操作系统继承了开放端口支持，但由于它们在性能和可用性保证方面与传统服务器机器有很大的不同，因此人们对智能手机应用程序如何使用开放端口以及其安全含义知之甚少。在本文中，我们对移动平台上开放端口的使用及其安全影响进行了首次系统研究。为了实现这一目标，我们设计并实现了OPAnalyzer，这是一个静态分析工具，可以有效地识别和表征Android应用程序中脆弱的开放端口使用情况。使用OPAnalyzer，我们对超过10万个Android应用程序的数据集进行了广泛的使用和漏洞分析。OPAnalyzer成功地将99%的开放端口的移动使用分为5个不同的类别，并且从输出中，我们能够识别几个特定于移动的使用场景，例如物理邻近的数据共享。在我们随后的漏洞分析中，我们发现近一半的使用是不受保护的，可以直接远程利用。从已识别的漏洞使用中，我们发现410个易受攻击的应用程序，总共有956个潜在漏洞。我们手动确认了57个应用程序的漏洞，其中包括官方市场上下载量在1000万到5000万之间的热门应用程序，以及一些设备型号预装的应用程序。可以利用这些漏洞造成高度严重的破坏，例如远程窃取联系人、照片甚至安全凭证，以及执行敏感操作，例如安装恶意软件和执行恶意代码。我们已经报告了这些漏洞，并且已经得到了一些应用程序开发人员的认可。我们还针对每个使用场景提出对策和改进的实践。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 IEEE European Symposium on Security and Privacy (EuroS&P)

自引率

0.00%

发文量