Logo des Repositoriums
 

Surreptitious sharing on android

dc.contributor.authorSchürmann, Dominik
dc.contributor.authorWolf, Lars
dc.contributor.editorMeier, Michael
dc.contributor.editorReinhardt, Delphine
dc.contributor.editorWendzel, Steffen
dc.date.accessioned2017-06-21T07:43:30Z
dc.date.available2017-06-21T07:43:30Z
dc.date.issued2016
dc.description.abstractMany email and messaging applications on Android utilize the Intent API for sharing images, videos, and documents. Android standardizes Intents for sending and Intent Filters for receiving content. Instead of sending entire files, such as videos, via this API, only URIs are exchanged pointing to the actual storage position. In this paper we evaluate applications regarding a security vulnerability allowing privilege escalation and data leakage, which is related to the handling of URIs using the file scheme. We analyze a vulnerability called Surreptitious Sharing and present two scenarios showing how it can be exploited in practice. Based on these scenarios, 4 email and 8 messaging applications have been analyzed in detail. We found that 8 out of 12 applications are vulnerable. Guidelines how to properly handle file access on Android and a fix for the discussed vulnerability are attached.en
dc.identifier.isbn978-3-88579-650-3
dc.identifier.pissn1617-5468
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofSicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-256
dc.titleSurreptitious sharing on androiden
dc.typeText/Conference Paper
gi.citation.endPage78
gi.citation.publisherPlaceBonn
gi.citation.startPage67
gi.conference.date5.-7. April 2016
gi.conference.locationBonn

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
67.pdf
Größe:
221.27 KB
Format:
Adobe Portable Document Format