QuoVadis Posted June 8, 2017 Report Share Posted June 8, 2017 The current Android sensor security model either allows only restrictive read access to sensitive sensors (e.g., an app can only read its own touch data) or requires special installtime permissions (e.g., to read microphone, camera, or GPS). Moreover, Android does not allow write access to any of the sensors. Sensing-based security and non-security applications, therefore, crucially rely upon the sanity of the Android sensor security model. In this paper, we show that such a model can be effectively circumvented. Specifically, we build SMASheD, a legitimate framework under the current Android ecosystem that can be used to stealthily sniff as well as manipulate many of the Android’s restricted sensors (even touch input). SMASheD exploits the Android debug bridge functionality and enables a malicious app with only the INTERNET permission to read, and write to, multiple different sensor data files at will. SMASheD is the first framework, to the best of our knowledge, that can sniff and manipulate protected sensors on unrooted Android devices, without user awareness, without constant device-PC connection and without the need to infect the PC. Download: https://we.tl/mfoEtoz63x 3 Quote Link to comment Share on other sites More sharing options...
