文章基本信息

标题：Android's External Device Attack: Demonstration and Security Suggestions
本地全文：下载
作者：Zhang Wei ; Yang Chao ; Chen Yunfang 等
期刊名称：International Journal of Security and Its Applications
印刷版ISSN：1738-9976
出版年度：2015
卷号：9
期号：4
页码：317-326
DOI：10.14257/ijsia.2015.9.4.29
出版社：SERSC
摘要：A large number of users choose to manage their Android phones via assistant software based on the ADB tool. These users face threats of a variety of attacks, such as external device attacks, because the current Android system's security mechanism does not pay sufficient attention to the safety of the ADB tool. This paper provides a detailed introduction of the ADB tool and discusses threats its use can bring. These threats include silently installing malicious apps, pushing malicious privilege escalation files to the phone, copying private files from the phone, risking opening TCP debugging mode, and introducing vulnerabilities by the ADB tool. We demonstrate a peripheral device attack is presented to help understand how the designed and implemented flaws can be used to bypass security protection. The demonstration is realised by Raspberry Pi, an open-source single chip computer that can run an ARM-based Linux system. Finally, some suggestions are proposed for security improvements to address threats introduced by the ADB tool.
关键词：Android Security; ADB Tool; External Device Attack; Security Suggestions