research-article

Public Access

Hit by the Bus: QoS Degradation Attack on Android

Authors:

Mehmet Sinan Inci,

Thomas Eisenbarth,

Berk SunarAuthors Info & Claims

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Pages 716 - 727

https://doi.org/10.1145/3052973.3053028

Published: 02 April 2017 Publication History

Abstract

Mobile apps need optimal performance and responsiveness to rise amongst numerous rivals on the market. Further, some apps like media streaming or gaming apps cannot even function properly with a performance below a certain threshold. In this work, we present the first performance degradation attack on Android OS that can target rival apps using a combination of logical channel leakages and low-level architectural bottlenecks in the underlying hardware. To show the viability of the attack, we design a proof-of-concept app and test it on various mobile platforms. The attack runs covertly and brings the target to the level of unresponsiveness. With less than 10% CPU time in the worst case, it requires minimal computational effort to run as a background service, and requires only the UsageStats permission from the user. We quantify the impact of our attack using 11 popular benchmark apps, running 44 different tests.} The measured QoS degradation varies across platforms and applications, reaching a maximum of 90\% in some cases. The attack combines the leakage from logical channels with low-level architectural bottlenecks to design a malicious app that can covertly degrade Quality of Service (QoS) of any targeted app. Furthermore, our attack code has a small footprint and is not detected by the Android system as malicious. Finally, our app can pass the Google Play Store malware scanner, Google Bouncer, as well as the top malware scanners in the Play Store.

References

[1]

Android system permissions. https://developer.android.com/guide/topics/security/permissions.html.

[2]

ARM Synchronization Primitives. http://infocenter.arm.com/help/topic/com.arm.doc.dht0008a/DHT0008A_arm_synchronization_primitives.pdf.

[3]

Number of available applications in the Google Play Store from December 2009 to September 2016. https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/.

[4]

Android Dashboards. Online, Nov 2016. https://developer.android.com/about/dashboards/index.html.

[5]

Android, the world's most popular mobile platform. Online, Nov 2016. https://developer.android.com/about/android.html.

[6]

Application Fundamentals. Online, Nov 8 2016. https://developer.android.com/guide/components/fundamentals.html.

[7]

Acıiçmez, O. Yet Another MicroArchitectural Attack: Exploiting I-Cache. In Proceedings of the 2007 ACM Workshop on Computer Security Architecture.

Digital Library

[8]

Acıiçmez, O., Gueron, S., and Seifert, J.-P. New branch prediction vulnerabilities in OpenSSL and necessary software countermeasures. In IMA International Conference on Cryptography and Coding (2007).

Digital Library

[9]

Acıiçmez, O., K. Koç, c., and Seifert, J.-P. Predicting secret keys via branch prediction. In Topics in Cryptology CT-RSA 2007, vol. 4377. pp. 225--242.

Digital Library

[10]

Bernstein, D. J. Cache-timing attacks on AES, 2004. URL: http://cr.yp.to/papers.html#cachetiming.

[11]

Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C., and Vigna, G. What the App is That? Deception and Countermeasures in the Android User Interface. In IEEE S&P 2015.

Digital Library

[12]

Bogdanov, A., Eisenbarth, T., Paar, C., and Wienecke, M. Differential cache-collision timing attacks on aes with applications to embedded cpus. In CT-RSA 2010.

Digital Library

[13]

Brumley, B. Cache storage attacks. In CT-RSA 2015.

[14]

Chen, Q. A. and Qian, Z. and Mao, Z. M. Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks. In USENIX Security 2014.

Digital Library

[15]

Colp, P., Zhang, J., Gleeson, J., Suneja, S., de Lara, E., Raj, H., Saroiu, S., and Wolman, A. Protecting data on smartphones and tablets from memory attacks. ASPLOS 2015.

Digital Library

[16]

Inci, M. S., Gulmezoglu, B., Eisenbarth, T., and Sunar, B. Co-location Detection on the Cloud. In COSADE 2016.

[17]

Inci, M. S., Irazoqui, G., Eisenbarth, T., and Sunar, B. Efficient, Adversarial Neighbor Discovery using Logical Channels on Microsoft Azure. In ACSAC 2016.

Digital Library

[18]

Irazoqui, G., Eisenbarth, T., and Sunar, B. SA: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing and its Application to AES. In IEEE S&P 2015.

Digital Library

[19]

Irazoqui, G., Inci, M. S., Eisenbarth, T., and Sunar, B. Wait a Minute! A fast, Cross-VM Attack on AES. In RAID 2014.

[20]

Jana, S., and Shmatikov, V. Memento: Learning secrets from process footprints. In IEEE S&P 2012.

Digital Library

[21]

Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., and Mangard, S. ARMageddon: Last-Level Cache Attacks on Mobile Devices. In USENIX Security 2016.

[22]

Liu, F. and Yarom, Y. and Ge, Q. and Heiser, G. and Lee, R. B. Last-level cache side-channel attacks are practical. In IEEE S&P 2015.

Digital Library

[23]

Maurice, C. and Weber, M. and Schwarz, M. and Giner, L. and Gruss, D. and Carlo, A. B. and Mangard, S. and Römer, K. Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud. In NDSS 2017.

[24]

Osvik, D. A., Shamir, A., and Tromer, E. Cache Attacks and Countermeasures: The Case of AES. CT-RSA 2006.

Digital Library

[25]

Rusling, D. A. ARMv7a Architecture Overview. presentation, 2010. https://wiki.ubuntu.com/Specs/M/ARMGeneralArchitectureOverview?action=AttachFile&do=get&target=ARMv7+Overview+a02.pdf.

[26]

Spreitzer, R., and Plos, T. On the Applicability of Time-Driven Cache Attacks on Mobile Devices. In NSS 2013.

[27]

van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., and Giuffrida, C. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In CCS 2016.

Digital Library

[28]

Varadarajan, V., Zhang, Y., Ristenpart, T., and Swift, M. A placement vulnerability study in multi-tenant public clouds. In USENIX Security 2015.

Digital Library

[29]

Yarom, Y., and Falkner, K. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In USENIX Security 2014.

Digital Library

[30]

Zhang, Y., Juels, A., Oprea, A., and Reiter, M. K. HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis. In IEEE S&P 2011.

Digital Library

[31]

Zhang, Y., Juels, A., Reiter, M. K., and Ristenpart, T. Cross-VM Side Channels and Their Use to Extract Private Keys. In CCS 2012.

Digital Library

[32]

Zhou, X., Demetriou, S., He, D., Naveed, M., Pan, X., Wang, X., Gunter, C. A., and Nahrstedt, K. Identity, location, disease and more: Inferring your secrets from android public resources. In CCS 2013.

Digital Library

Cited By

Li AWang JBaruah SSinopoli BZhang N(2024)An Empirical Study of Performance Interference: Timing Violation Patterns and Impacts2024 IEEE 30th Real-Time and Embedded Technology and Applications Symposium (RTAS)10.1109/RTAS61025.2024.00033(320-333)Online publication date: 13-May-2024
https://doi.org/10.1109/RTAS61025.2024.00033
Farzand HAbraham MBrewster SKhamis MMarky K(2024)A Systematic Deconstruction of Human-Centric Privacy & Security Threats on Mobile PhonesInternational Journal of Human–Computer Interaction10.1080/10447318.2024.236151941:2(1628-1651)Online publication date: 12-Jun-2024
https://doi.org/10.1080/10447318.2024.2361519
Li ASudvarg MLiu HYu ZGill CZhang N(2022)PolyRhythm: Adaptive Tuning of a Multi-Channel Attack Template for Timing Interference2022 IEEE Real-Time Systems Symposium (RTSS)10.1109/RTSS55097.2022.00028(225-239)Online publication date: Dec-2022
https://doi.org/10.1109/RTSS55097.2022.00028
Show More Cited By

Index Terms

Hit by the Bus: QoS Degradation Attack on Android

Recommendations

Understanding the relationship between quality and security: a large-scale analysis of Android applications
SEAD '18: Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment

Android applications (apps) are not immune to the problems which also plague conventional software including security vulnerabilities, quality defects, permission misuse, and numerous other issues. Many developers even intentionally create vulnerable or ...
Intelligent mobile malware detection using permission requests and API calls
Abstract
Malware is a serious threat that has been used to target mobile devices since its inception. Two types of mobile malware attacks are standalone: fraudulent mobile apps and injected malicious apps. Defending against the cyber threats of ...
Highlights
- Effective classification model that combines permission request and API calls.
- ...
XiOS: Extended Application Sandboxing on iOS
ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Until very recently it was widely believed that iOS malware is effectively blocked by Apple's vetting process and application sandboxing. However, the newly presented severe malicious app attacks (e.g., Jekyll) succeeded to undermine these protection ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

April 2017

952 pages

ISBN:9781450349444

DOI:10.1145/3052973

General Chairs:
Ramesh Karri
New York University, New York, USA
,
Ozgur Sinanoglu
New York University Abu Dhabi, UAE
,
Program Chairs:
Ahmad-Reza Sadeghi
Technische Universität Darmstadt, Germany
,
Xun Yi
RMIT University, Australia

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 April 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

ASIA CCS '17

Sponsor:

SIGSAC

ASIA CCS '17: ACM Asia Conference on Computer and Communications Security

April 2 - 6, 2017

Abu Dhabi, United Arab Emirates

Acceptance Rates

ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
566
Total Downloads

Downloads (Last 12 months)159
Downloads (Last 6 weeks)33

Reflects downloads up to 23 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Li AWang JBaruah SSinopoli BZhang N(2024)An Empirical Study of Performance Interference: Timing Violation Patterns and Impacts2024 IEEE 30th Real-Time and Embedded Technology and Applications Symposium (RTAS)10.1109/RTAS61025.2024.00033(320-333)Online publication date: 13-May-2024
https://doi.org/10.1109/RTAS61025.2024.00033
Farzand HAbraham MBrewster SKhamis MMarky K(2024)A Systematic Deconstruction of Human-Centric Privacy & Security Threats on Mobile PhonesInternational Journal of Human–Computer Interaction10.1080/10447318.2024.236151941:2(1628-1651)Online publication date: 12-Jun-2024
https://doi.org/10.1080/10447318.2024.2361519
Li ASudvarg MLiu HYu ZGill CZhang N(2022)PolyRhythm: Adaptive Tuning of a Multi-Channel Attack Template for Timing Interference2022 IEEE Real-Time Systems Symposium (RTSS)10.1109/RTSS55097.2022.00028(225-239)Online publication date: Dec-2022
https://doi.org/10.1109/RTSS55097.2022.00028
Zhang SShan HWang QLiu JYan QWei J(2019)Tail Amplification in n-Tier Systems: A Study of Transient Cross-Resource Contention Attacks2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS.2019.00152(1527-1538)Online publication date: Jul-2019
https://doi.org/10.1109/ICDCS.2019.00152
Irazoqui GEisenbarth TSunar BZhao ZAhn GKrishnan RGhinita G(2018)MASCATProceedings of the Eighth ACM Conference on Data and Application Security and Privacy10.1145/3176258.3176316(377-388)Online publication date: 13-Mar-2018
https://dl.acm.org/doi/10.1145/3176258.3176316
Schmitz KKeszocze OSchmidt JGrosse DDrechsler R(2018)Towards Dynamic Execution Environment for System Security Protection Against Hardware Flaws2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI.2018.00107(557-562)Online publication date: Jul-2018
https://doi.org/10.1109/ISVLSI.2018.00107

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten