Visible to the public Biblio

Filters: Author is Spreitzer, Raphael  [Clear All Filters]
2019-02-08
Spreitzer, Raphael, Palfinger, Gerald, Mangard, Stefan.  2018.  SCAnDroid: Automated Side-Channel Analysis of Android APIs. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :224-235.

Although the Android system has been continuously hardened against side-channel attacks, there are still plenty of APIs available that can be exploited. However, most side-channel analyses in the literature consider specifically chosen APIs (or resources) in the Android framework, after a manual analysis of APIs for possible information leaks has been performed. Such a manual analysis is a tedious, time consuming, and error-prone task, meaning that information leaks tend to be overlooked. To overcome this tedious task, we introduce SCANDROID, a framework that automatically profiles the Java-based Android API for possible information leaks. Events of interest, such as website launches, Google Maps queries, or application starts, are triggered automatically, and while these events are being triggered, the Java-based Android API is analyzed for possible information leaks that allow inferring these events later on. To assess the Android API for information leaks, SCANDROID relies on dynamic time warping. By applying SCANDROID on Android 8 (Android Oreo), we identified several Android APIs that allow inferring website launches, Google Maps queries, and application starts. The triggered events are by no means exhaustive but have been chosen to demonstrate the broad applicability of SCANDROID. Among the automatically identified information leaks are, for example, the java.io.File API, the android.os.storage.StorageManager API, and several methods within the android.net. Traffics tats API. Thereby, we identify the first side-channel leaks in the Android API on Android 8 (Android Oreo).

2017-04-24
Spreitzer, Raphael, Griesmayr, Simone, Korak, Thomas, Mangard, Stefan.  2016.  Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android. Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :49–60.

The browsing behavior of a user allows to infer personal details, such as health status, political interests, sexual orientation, etc. In order to protect this sensitive information and to cope with possible privacy threats, defense mechanisms like SSH tunnels and anonymity networks (e.g., Tor) have been established. A known shortcoming of these defenses is that website fingerprinting attacks allow to infer a user's browsing behavior based on traffic analysis techniques. However, website fingerprinting typically assumes access to the client's network or to a router near the client, which restricts the applicability of these attacks. In this work, we show that this rather strong assumption is not required for website fingerprinting attacks. Our client-side attack overcomes several limitations and assumptions of network-based fingerprinting attacks, e.g., network conditions and traffic noise, disabled browser caches, expensive training phases, etc. Thereby, we eliminate assumptions used for academic purposes and present a practical attack that can be implemented easily and deployed on a large scale. Eventually, we show that an unprivileged application can infer the browsing behavior by exploiting the unprotected access to the Android data-usage statistics. More specifically, we are able to infer 97% of 2,500 page visits out of a set of 500 monitored pages correctly. Even if the traffic is routed through Tor by using the Orbot proxy in combination with the Orweb browser, we can infer 95% of 500 page visits out of a set of 100 monitored pages correctly. Thus, the READ\_HISTORY\_BOOKMARKS permission, which is supposed to protect the browsing behavior, does not provide protection.