Vijay Laxmi

Parvez Faruki, Hossein Fereidooni, Vijay Laxmi et al.

Mobile devices have become ubiquitous due to centralization of private user information, contacts, messages and multiple sensors. Google Android, an open-source mobile Operating System (OS), is currently the market leader. Android popularity has motivated the malware authors to employ set of cyber attacks leveraging code obfuscation techniques. Obfuscation is an action that modifies an application (app) code, preserving the original semantics and functionality to evade anti-malware. Code obfuscation is a contentious issue. Theoretical code analysis techniques indicate that, attaining a verifiable and secure obfuscation is impossible. However, obfuscation tools and techniques are popular both among malware developers (to evade anti-malware) and commercial software developers (protect intellectual rights). We conducted a survey to uncover answers to concrete and relevant questions concerning Android code obfuscation and protection techniques. The purpose of this paper is to review code obfuscation and code protection practices, and evaluate efficacy of existing code de-obfuscation tools. In particular, we discuss Android code obfuscation methods, custom app protection techniques, and various de-obfuscation methods. Furthermore, we review and analyse the obfuscation techniques used by malware authors to evade analysis efforts. We believe that, there is a need to investigate efficiency of the defense techniques used for code protection. This survey would be beneficial to the researchers and practitioners, to understand obfuscation and de-obfuscation techniques to propose novel solutions on Android.

Vineeta Jain, Vijay Laxmi, Manoj Singh Gaur et al.

In this paper, we demonstrate a realistic variant of wireless Evil Twins (ETs) for launching device to device (D2D) attacks over the network, particularly for Android. We show an attack where an ET infects an Android device before the relay of network traffic through it, and disappears from the network immediately after inflicting the device. The attack leverages the captive portal facility of wireless networks to launch D2D attack. We configure an ET to launch a malicious component of an already installed app in the device on submission of the portal page. In this paper, we present an online, incremental, automated, fingerprinting based pre-association detection mechanism named as ETGuard which works as a client-server mechanism in real-time. The fingerprints are constructed from the beacon frames transmitted by the wireless APs periodically to inform client devices of their presence and capabilities in a network. Once detected, ETGuard continuously transmits deauthentication frames to prevent clients from connecting to an ET. ETGuard outperforms the existing state-of-the-art techniques from various perspectives. Our technique does not require any expensive hardware, does not modify any protocols, does not rely on any network specific parameters such as Round Trip Time (RTT), number of hops, etc., can be deployed in a real network, is incremental, and operates passively to detect ETs in real-time. To evaluate the efficiency, we deploy ETGuard in 802.11a/b/g wireless networks. The experiments are conducted using 12 different attack scenarios where each scenario differs in the source used for introducing an ET. ETGuard effectively detects ETs introduced either through a hardware, software, or mobile hotspot with high accuracy, only one false positive scenario, and no false negatives.

Shweta Bhandari, Wafa Ben Jaballah, Vineeta Jain et al.

With the digital breakthrough, smart phones have become very essential component. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (with cameras/microphone, wireless connections). Android, being the most popular, is the target of malicious hackers who are trying to use Android app as a tool to break into and control device. Android malware authors use many anti-analysis techniques to hide from analysis tools. Academic researchers and commercial anti-malware companies are putting great effort to detect such malicious apps. They are making use of the combinations of static, dynamic and behavior based analysis techniques. Despite of all the security mechanisms provided by Android, apps can carry out malicious actions through collusion. In collusion malicious functionality is divided across multiple apps. Each participating app accomplish its part and communicate information to another app through Inter Component Communication (ICC). ICC do not require any special permissions. Also, there is no compulsion to inform user about the communication. Each participating app needs to request a minimal set of privileges, which may make it appear benign to current state-of-the-art techniques that analyze one app at a time. There are many surveys on app analysis techniques in Android; however they focus on single-app analysis. This survey augments this through focusing only on collusion among multiple-apps. In this paper, we present Android vulnerabilities that may be exploited for a possible collusion attack. We cover the existing threat analysis, scenarios, and a detailed comparison of tools for intra and inter-app analysis. To the best of our knowledge this is the first survey on app collusion and state-of-the-art detection tools in Android.