Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

Cited 1 time in webofscience Cited 0 time in scopus
  • Hit : 171
  • Download : 43
It is pretty well known that insecure code updating procedures for Android allow remote code injection attack. However, other than codes, there are many resources in Android that have to be updated, such as temporary files, images, databases, and configurations (XML and JSON). Security of update procedures for these resources is largely unknown. This paper investigates general conditions for remote code injection attacks on these resources. Using this, we design and implement a static detection tool that automatically identifies apps that meet these conditions. We apply the detection tool to a large dataset comprising 9,054 apps, from three different types of datasets: official market, third-party market, and preinstalled apps. As a result, 97 apps were found to be potentially vulnerable, with 53 confirmed as vulnerable to remote code injection attacks.
Publisher
WILEY-HINDAWI
Issue Date
2018-04
Language
English
Article Type
Article
Citation

SECURITY AND COMMUNICATION NETWORKS

ISSN
1939-0114
DOI
10.1155/2018/2489214
URI
http://hdl.handle.net/10203/242256
Appears in Collection
EE-Journal Papers(저널논문)
Files in This Item
000431218300001.pdf(1.64 MB)Download
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 1 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0