Computer Laboratory

Technical reports

Exploring new attack vectors for the exploitation of smartphones

Laurent Simon

July 2017, 167 pages

This technical report is based on a dissertation submitted April 2016 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Homerton College.

Abstract

Smartphones have evolved from simple candy-bar devices into powerful miniature computing platforms. Today’s smartphones are complex multi-tenant platforms: users, OS providers, manufacturers, carriers, and app developers have to co-exist on a single device. As with other computing platforms, smartphone security research has dedicated a lot of effort, first, into the detection and prevention of ill-intentioned software; second, into the detection and mitigation of operating system vulnerabilities; and third, into the detection and mitigation of vulnerabilities in applications.

In this thesis, I take a different approach. I explore and study attack vectors that are specific to smartphones; that is, attack vectors that do not exist on other computing platforms because they are the result of these phones’ intrinsic characteristics. One such characteristic is the sheer number of sensors and peripherals, such as an accelerometer, a gyroscope and a built-in camera. Their number keeps increasing with new usage scenarios, e.g. for health or navigation. So I show how to abuse the camera and microphone to infer a smartphone’s motion during user input. I then correlate motion characteristics to the keyboard digits touched by a user so as to infer PINs. This can work even if the input is protected through a Trusted Execution Environment (TEE), the industry’s preferred answer to the trusted path problem.

Another characteristic is their form factor, such as their small touch screen. New input methods have been devised to make user input easier, such as “gesture typing”. So I study a new side channel that exploits hardware and software interrupt counters to infer what users type using this widely adopted input method.

Another inherent trait is that users carry smartphones everywhere. This increases the risk of theft or loss. In fact, in 2013 alone, 3.1M devices were stolen in the USA, and 120,000 in London. So I study the effectiveness of anti-theft software for the Android platform, and demonstrate a wide variety of vulnerabilities.

Yet another characteristic of the smartphone ecosystem if the pace at which new devices are released: users tend to replace their phone about every 2 years, compared to 4.5 years for their personal computers. For already 60% of users today, the purchase of a new smartphone is partly funded by selling the previous one. This can have privacy implications if the previous owner’s personal data is not properly erased. So I study the effectiveness of the built-in sanitisation features in Android smartphones, lifting the curtains on their problems and their root causes.

Full text

PDF (3.3 MB)

BibTeX record

@TechReport{UCAM-CL-TR-909,
  author =	 {Simon, Laurent},
  title = 	 {{Exploring new attack vectors for the exploitation of
         	   smartphones}},
  year = 	 2017,
  month = 	 jul,
  url = 	 {http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-909.pdf},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-909}
}