Open AccessPractical Attacks on Security and Privacy Through a Low-Cost Android Device
Author(s) -
Greig Paul,
J. A. Irvine
Publication year - 2015
Publication title -
journal of cyber security and mobility
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.198
H-Index - 9
eISSN - 2245-4578
pISSN - 2245-1439
DOI - 10.13052/2245-1439.422
Subject(s) - android (operating system) , computer security , computer science , mobile device , usability , internet privacy , attack surface , android application , strengths and weaknesses , the internet , internet access , world wide web , human–computer interaction , operating system , philosophy , epistemology
As adoption of smartphones and tablets increases, and budget device offerings become increasingly affordable, the vision of bringing universal connectivity to the developing world is becoming more and more viable. Nonetheless, it is important to consider the diverse use-cases for smartphones and tablets today, particularly where a user may only have access to a single connected device. In many regions, banking and other important services can be accessed from mobile connected devices, expanding the reach of these services. This paper highlights the practical risks of one such low-cost computing device, highlighting the ease with which a very recent (manufactured September 2015) Android-based internet tablet, designed for the developing world, can be completely compromised by an attacker. The weaknesses identified allow an attacker to gain full root access and persistent malicious code execution capabilities. We consider the implications of these attacks, and the ease with which these attacks may be carried out, and highlight the difficulty in effectively mitigating these weaknesses as a user, even on a recently manufactured device.