Options
2012
Report
Titel
Android OS security: Risks and limitations
Titel Supplements
A practical evaluation. Version 1.0
Abstract
The number of Android based smartphones is growing rapidly. They are increasingly used for security critical private and business applications, such as online banking or to access corporate networks. This makes them a very valuable target for an adversary. Up to date, significant or large scale attacks have failed, but attacks are becoming more sophisticated and successful. Thus, security is of paramount importance for both private and corporate users. In this paper, we give an overview of the current state of the art of Android security and present our extensible automated exploit execution framework. First, we provide a summary of the Android platform, current attack techniques, and publicly known exploits. Then, we introduce our extensible exploit execution framework which is capable of performing automated vulnerability tests of Android smartphones. It incorporates currently known exploits, but can be easily extended to integrate future exploits. Finally, we discuss how malware can propagate to Android smartphones today and in the future, and which possible threats arise. For example, device-to-device infections are possible if physical access is given.
Verlagsort
Garchingen