Simple spyware : Androids invisible foreground services and how to (ab)use them

Sutter, Thomas; Tellenbach, Bernhard

Publication type:	Conference other
Type of review:	Peer review (abstract)
Title:	Simple spyware : Androids invisible foreground services and how to (ab)use them
Authors:	Sutter, Thomas Tellenbach, Bernhard
et. al:	No
Conference details:	Black Hat Europe, London, 2.-5. Dezemeber 2019
Issue Date:	5-Dec-2019
Language:	English
Subjects:	Android Oreo; Android Pie; Android10; Mobile Security; Security; Spyware; Malware; Foreground
Subject (DDC):	005: Computer programming, programs and data
Abstract:	With the releases of Android Oreo and Pie, Google introduced some background execution limits for Android apps [1],[2]. In order to save battery life and prevent sensor access, apps were restricted in how they were capable of executing background services. Apps were no longer allowed to run background services in idle state and therefore preventing apps from using the devices resources like the camera. These limitations however, would not affect so-called foreground services, because foreground services show a permanently visible notification to the user and could therefore be stopped by the user at any time. Our research found out that a flaw in the API exists, which allows to start invisible foreground services, making the introduced limitations useless. Foreground services do not show any visual notification when the execution time of the service is shorter than five seconds. Using this and combining it with another flaw in Androids Job Scheduler API allows to constantly execute arbitrary tasks from a background context. This allows apps to use the resources of the device, even when the app is closed, or the device is in stand-by. Furthermore, we can prove that these flaws can be abused for constantly spying on the user and allowing malware developers to create spyware without the need of complicated exploitation. This simple to implement spyware shows that Androids permission model can't prevent an excessive use of permissions and that the limitations do not prevent the collection of the user's sensitive data. In order to prevent such attacks, it would be necessary to constantly monitor the apps permission usage or to revoke the permissions after every use. Such prevention mechanisms already exist but aren't widely used, which sets the users privacy and security at risk. We will show what users can do in order to guard themselves against such spyware attacks. Furthermore, we will introduce our solution ideas to detect such spyware on Android. [1]: Googles Android Oreo Release Notes: https://developer.android.com/about/versions/oreo/background [2]: Googles Android Pie Release Notes: https://developer.android.com/about/versions/pie/android-9.0-changes-all
URI:	https://digitalcollection.zhaw.ch/handle/11475/19516
Fulltext version:	Published version
License (according to publishing contract):	Not specified
Departement:	School of Engineering
Organisational Unit:	Institute of Computer Science (InIT)
Appears in collections:	Publikationen School of Engineering

Files in This Item:

There are no files associated with this item.

Show full item record

Sutter, T., & Tellenbach, B. (2019, December 5). Simple spyware : Androids invisible foreground services and how to (ab)use them. Black Hat Europe, London, 2.-5. Dezemeber 2019.

Sutter, T. and Tellenbach, B. (2019) ‘Simple spyware : Androids invisible foreground services and how to (ab)use them’, in Black Hat Europe, London, 2.-5. Dezemeber 2019.

T. Sutter and B. Tellenbach, “Simple spyware : Androids invisible foreground services and how to (ab)use them,” in Black Hat Europe, London, 2.-5. Dezemeber 2019, Dec. 2019.

SUTTER, Thomas und Bernhard TELLENBACH, 2019. Simple spyware : Androids invisible foreground services and how to (ab)use them. In: Black Hat Europe, London, 2.-5. Dezemeber 2019. Conference presentation. 5 Dezember 2019

Sutter, Thomas, and Bernhard Tellenbach. 2019. “Simple Spyware : Androids Invisible Foreground Services and How to (Ab)use Them.” Conference presentation. In Black Hat Europe, London, 2.-5. Dezemeber 2019.

Sutter, Thomas, and Bernhard Tellenbach. “Simple Spyware : Androids Invisible Foreground Services and How to (Ab)use Them.” Black Hat Europe, London, 2.-5. Dezemeber 2019, 2019.