Please use this identifier to cite or link to this item:
https://www.um.edu.mt/library/oar/handle/123456789/91080
Title: | Reducing the forensic footprint with Android accessibility attacks |
Other Titles: | STM 2020 : security and trust management |
Authors: | Leguesse, Yonas Vella, Mark Joseph Colombo, Christian Hernandez-Castro, Julio |
Keywords: | Malware (Computer software) Mobile computing -- Security measures Computer software -- Security measures Digital forensic science |
Issue Date: | 2020 |
Publisher: | Springer |
Citation: | Leguesse, Y., Vella, M., Colombo, C., & Hernandez-Castro, J. (2020). Reducing the forensic footprint with Android accessibility attacks. In K. Markantonakis & M. Petrocchi (Eds.), STM 2020 : security and trust management (pp. 22-38). Cham: Springer. |
Abstract: | Android accessibility features include a robust set of tools allowing developers to create apps for assisting people with disabilities. Unfortunately, this useful set of tools can also be abused and turned into an attack vector, providing malware with the ability to interact and read content from third-party apps. In this work, we are the first to study the impact that the stealthy exploitation of Android accessibility services can have on significantly reducing the forensic footprint of malware attacks, thus hindering both live and post-incident forensic investigations. We show that through Living off the Land (LotL) tactics, or by offering a malware-only substitute for attacks typically requiring more elaborate schemes, accessibilitybased malware can be rendered virtually undetectable. In the LotL approach, we demonstrate accessibility-enabled SMS and command and control (C2) capabilities. As for the latter, we show a complete cryptocurrency wallet theft, whereby the accessibility trojan can hijack the entire withdrawal process of a widely used app, including two-factor authentication (2FA). In both cases, we demonstrate how the attacks result in significantly diminished forensic evidence when compared to similar attacks not employing accessibility tools, even to the extent of maintaining device take-over without requiring malware persistence. |
URI: | https://www.um.edu.mt/library/oar/handle/123456789/91080 |
Appears in Collections: | Scholarly Works - FacICTCS |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
Reducing_the_forensic_footprint_with_Android_accessibility_attacks_2020.pdf | 655.33 kB | Adobe PDF | View/Open |
Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.