Template based Android Inter Process Communication Fuzzing

Paper title: Template based Android Inter Process Communication Fuzzing
Presentation date: 2020/08/13
Presenter: 吳偉誠
Paper URL: https://dl.acm.org/doi/abs/10.1145/3407023.3407052
Citation:
  title = Template based Android Inter Process Communication Fuzzing
  author = Anatoli Kalysch, Mark Deutel, Tilo Müller
  booktitle = Proceedings of the 15th International Conference on Availability, Reliability and Security
  pages = 1-6
  year = 2020
  organization = ACM
Abstract: Fuzzing is a test method in vulnerability assessments that calls the interfaces of a program in order to find bugs in its input processing. Automatically generated inputs, based on a set of templates and randomness, are sent to a program at a high rate, collecting crashes for later investigation. We apply fuzz testing to the inter process communication (IPC) on Android in order to find bugs in the mechanisms by which Android apps communicate with each other. The sandboxing principle on Android usually ensures that apps can only communicate with other apps via programmatic interfaces. Unlike traditional operating systems, two Android apps running in the same user context are not able to access each other's data (security) or quit the other app (safety).

Our IPC fuzzer for Android detects the structure of data sent within Intents between apps by disassembling and analyzing an app's bytecode. It relies on multiple mutation engines for input generation and supports post-mortem analysis for a detailed insight into crashes. We tested 1488 popular apps from the Google Play Store, enabling us to crash 450 apps with intents that could be sent from any unprivileged app on the same device, thus undermining the safety guarantees given by Android. We show that any installed app on a device could easily crash a series of other apps, effectively rendering them useless. Even worse, we discovered flaws in popular frameworks like Unity, the Google Services API, and the Adjust SDK. Comparing our implementation to previous research shows improvements in the depth and diversity of our detected crashes.