Show simple item record

dc.contributor.authorSchürmann, Dominik
dc.contributor.authorWolf, Lars
dc.contributor.editorMeier, Michael
dc.contributor.editorReinhardt, Delphine
dc.contributor.editorWendzel, Steffen
dc.date.accessioned2017-06-21T07:43:30Z
dc.date.available2017-06-21T07:43:30Z
dc.date.issued2016
dc.identifier.isbn978-3-88579-650-3
dc.identifier.issn1617-5468
dc.description.abstractMany email and messaging applications on Android utilize the Intent API for sharing images, videos, and documents. Android standardizes Intents for sending and Intent Filters for receiving content. Instead of sending entire files, such as videos, via this API, only URIs are exchanged pointing to the actual storage position. In this paper we evaluate applications regarding a security vulnerability allowing privilege escalation and data leakage, which is related to the handling of URIs using the file scheme. We analyze a vulnerability called Surreptitious Sharing and present two scenarios showing how it can be exploited in practice. Based on these scenarios, 4 email and 8 messaging applications have been analyzed in detail. We found that 8 out of 12 applications are vulnerable. Guidelines how to properly handle file access on Android and a fix for the discussed vulnerability are attached.en
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofSicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-256
dc.titleSurreptitious sharing on androiden
dc.typeText/Conference Paper
dc.pubPlaceBonn
mci.reference.pages67-78
mci.conference.locationBonn
mci.conference.date5.-7. April 2016


Files in this item

Thumbnail

Show simple item record