SMASheD: Sniffing and Manipulating Android Sensor Data for Offensive Purposes
Academic Article
Overview
Research
Identity
Additional Document Info
Other
View All
Overview
abstract
The current Android sensor security model either allows only restrictive read access to sensitive sensors (e.g., an app can only read its own touch data) or requires special install-time permissions (e.g., to read microphone, camera, or GPS). Moreover, Android does not allow write access to any of the sensors. Sensing-based security and non-security applications, therefore, crucially rely upon the sanity of the Android sensor security model. In this paper, we show that such a model can be effectively circumvented. Specifically, we build SMASheD, a legitimate framework under the current Android ecosystem that can be used to stealthily sniff as well as manipulate many of the Android's restricted sensors (even touch input). SMASheD exploits the Android debug bridge functionality and enables a malicious app with only the INTERNET permission to read, and write to, multiple different sensor data files at will. SMASheD is the first framework, to the best of our knowledge, that can sniff and manipulate protected sensors on unrooted Android devices, without user awareness, without constant device-PC connection and without the need to infect the PC. The primary contributions of this paper are twofold. First, we design and develop the SMASheD framework, and evaluate its effectiveness on multiple Android devices, including phones, watches, and glasses. Second, as an offensive implication of the SMASheD framework, we introduce a wide array of potentially devastating attacks. Our attacks against the touch sensor range from accurately logging the touchscreen input (TouchLogger) to injecting touch events for accessing restricted sensors and resources, installing and granting special permissions to other malicious apps, accessing user accounts, and authenticating on behalf of the user-essentially almost doing whatever the device user can do (secretively). Our attacks against various physical sensors (motion, position, and environmental) can subvert the functionality provided by numerous existing sensing-based security and non-security applications, including those used for (continuous) authentication, authorization, safety, and elderly care.
