Rooting Android – Extending the ADB by an Auto-connecting WiFi-Accessible Service

Nazar, Assem; Seeger, Mark M.; Baier, Harald

doi:10.1007/978-3-642-29615-4_14

Assem Nazar^17,18,
Mark M. Seeger^17,19 &
Harald Baier¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7161))

Included in the following conference series:

Nordic Conference on Secure IT Systems

1843 Accesses
3 Citations

Abstract

The majority of malware seen on Android has a top-down approach often targeting application programming interfaces (API) of the financially rewarding telephony and short message service (SMS). In this paper we present a proof of concept of compromising an Android based smartphone by targeting the underlying Linux kernel.

We adopt an unorthodox bottom-up approach on modifying the operating system to allow an application to re-route the Android debug bridge (ADB) daemon onto a wireless link. We support our research using case scenarios to show how information can be extracted and inserted into the smartphone without the knowledge of the user. We discuss how the Android build environment can be changed to harness functionality from secured operations. We also discuss how an application can be designed to function with minimum resources, be hidden and perform operations without user consent or interaction. We also provide an overview of how a rooted Android operating system can be misused.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 54.99; Price excludes VAT (USA)

Softcover Book: USD 69.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Elmer-DeWitt, P.: Needham: Android’s Market Share Peaked in March (June 2011), http://tech.fortune.cnn.com/2011/06/21/needham-androids-market-share-peaked-in-march/ (cited: July 01, 2011)
Google Android: What is Android? (2011), http://developer.android.com/index.html (cited: June 22, 2011)
BBC News: Android Hit By Rogue App Malware (March 2011), http://www.bbc.co.uk/news/technology-12633923 (cited: May 18, 2011)
Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google Android: A Comprehensive Security Assessment. IEEE Security & Privacy 8, 35–44 (2010)
Article Google Scholar
Enck, W., Ongtang, M., McDaniel, P.: Understanding Android Security. IEEE Security & Privacy 7, 50–57 (2009)
Article Google Scholar
Shin, W., Kwak, S., Kiyomoto, S., Fukushima, K., Tanaka, T.: A Small but Non-negligible Flaw in the Android Permission Scheme. In: Proceedings of the IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2010), Fairfax, VA, USA, pp. 107–110. IEEE Computer Society (July 2010)
Google Scholar
Erhinger, D.: The Dalvik Virtual Machine Architecture. Technical report (March 2010) (cited: July 02, 2011)
Google Scholar
Cannon, T.: Android Market Security (February 2011), http://thomascannon.net/blog/2011/02/android-market-security/ (cited: June 01, 2011)
Cannon, T.: Android Data Stealing Vulnerability (November 2010), http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/ (cited: June 01, 2011)
Cannon, T.: Android Reverse Engineering (November 2010), http://thomascannon.net/projects/android-reversing/ (cited: June 01, 2011)
Cannon, T.: Android Lock Screen Bypass (February 2011), http://thomascannon.net/blog/2011/02/android-lock-screen-bypass/ (cited: June 01, 2011)
Google Android: Tools (2011), http://developer.android.com/guide/developing/tools/index.html (cited: June 22, 2011)
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically Rich Application-centric Security in Android. In: Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC 2009), Honolulu, HI, USA, pp. 340–349. IEEE Computer Society (December 2009)
Google Scholar
Shabtai, A., Fledel, Y., Elovici, Y.: Securing Android-Powered Mobile Devices Using SELinux. IEEE Security & Privacy 8, 36–44 (2010)
Google Scholar
Google Android: Security and Permissions (2011), http://developer.android.com/guide/topics/security/security.html (cited: June 22, 2011)
Shabtai, A.: Malware Detection on Mobile Devices. In: Proceedings of the 11th International Conference on Mobile Data Management (MDM 2010), Kanas City, MO, USA, pp. 289–290. IEEE Computer Society (May 2010)
Google Scholar

Download references

Author information

Authors and Affiliations

Center for Advanced Security Research Darmstadt (CASED), Mornewegstraße 32, 64293, Darmstadt, Germany
Assem Nazar, Mark M. Seeger & Harald Baier
Department of Computer & System Sciences, KTH - The Royal Institute of Technology, Forum 100, SE-164 40, Kista, Sweden
Assem Nazar
Department of Computer Science, Gjøvik University College, N-2818, Gjøvik, Norway
Mark M. Seeger

Authors

Assem Nazar
View author publications
You can also search for this author in PubMed Google Scholar
Mark M. Seeger
View author publications
You can also search for this author in PubMed Google Scholar
Harald Baier
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Cybernetica AS, Ülikooli 2, 51003, Tartu, Estonia
Peeter Laud

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Nazar, A., Seeger, M.M., Baier, H. (2012). Rooting Android – Extending the ADB by an Auto-connecting WiFi-Accessible Service. In: Laud, P. (eds) Information Security Technology for Applications. NordSec 2011. Lecture Notes in Computer Science, vol 7161. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29615-4_14

Download citation

DOI: https://doi.org/10.1007/978-3-642-29615-4_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29614-7
Online ISBN: 978-3-642-29615-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics