Exfiltrating Data from Android Devices

Computers & Security, 2014, DOI: 10.1016/j.cose.2014.10.016

28 Pages Posted: 31 Oct 2014 Last revised: 15 Nov 2014

See all articles by Quang Do

Quang Do

University of South Australia

Ben Martini

University of South Australia

Kim-Kwang Raymond Choo

The University of Texas at San Antonio

Date Written: October 29, 2014

Abstract

Modern mobile devices have security capabilities built into the native operating system, which are generally designed to ensure the security of personal or corporate data stored on the device, both at rest and in transit. In recent times, there has been interest from researchers and governments in securing as well as exfiltrating data stored on such devices (e.g. the high profile PRISM program involving the US Government). In this paper, we propose an adversary model for Android covert data exfiltration, and demonstrate how it can be used to construct a mobile data exfiltration technique (MDET) to covertly exfiltrate data from Android devices. Two proof-of-concepts were implemented to demonstrate the feasibility of exfiltrating data via SMS and inaudible audio transmission using standard mobile devices.

Keywords: Android, code injection, covert exfiltration, data exfiltration, inaudible transmission, mobile adversary model, reverse engineering, SMALI, SMS transmission

JEL Classification: C88, C89, K42, K49

Suggested Citation

Do, Quang and Martini, Ben and Choo, Kim-Kwang Raymond, Exfiltrating Data from Android Devices (October 29, 2014). Computers & Security, 2014, DOI: 10.1016/j.cose.2014.10.016 . Available at SSRN: https://ssrn.com/abstract=2516608

Quang Do

University of South Australia ( email )

37-44 North Terrace, City West Campus
Adelaide, South Australia 5001
Australia

Ben Martini

University of South Australia ( email )

37-44 North Terrace, City West Campus
Adelaide, South Australia 5001
Australia

Kim-Kwang Raymond Choo (Contact Author)

The University of Texas at San Antonio ( email )

San Antonio, TX 78249
United States
+12104587867 (Phone)

HOME PAGE: http://https://sites.google.com/site/raymondchooau/

Register to save articles to
your library

Register

Paper statistics

Downloads
221
Abstract Views
1,033
rank
136,410
PlumX Metrics