
FASSFuzzer—An Automated Vulnerability Detection System for Android System Services
Author(s) - Le Weng, Chao Feng, Zhi-Yuan Shi, Ying-Min Zhang, Lian-Fen Huang
Publication year - 2022
Publication title - diànnǎo xuékān/diannao xuekan
Language(s) - English
Resource type - Journals
eISSN - 2312-993X
pISSN - 1991-1599
DOI - 10.53106/199115992022043302017
Subject(s) - android (operating system) , computer science , computer security , operating system
As a core component of the Android framework, Android system services provide a large number of basic and core functions for the Android system. They hold many resources and run with very high system permissions, which makes them a very important attack surface. Attackers can use vulnerabilities in Android system services to steal private user data, cause denial of service in Android applications or the Android system, execute malicious code remotely, and carry out other malicious behaviors, all of which seriously affect the security of Android users. Based on fuzz testing, this paper designs and implements a vulnerability mining system for Android system services and optimizes and improves the fuzz testing method to increase the speed and effectiveness of vulnerability mining. The discovered vulnerabilities were submitted promptly to the corresponding manufacturers and security agencies to help Android manufacturers fix them in time. The main work of this paper is as follows: targeting null pointer dereference vulnerabilities in Android system services, we designed and implemented FASSFuzzer, an automated system for finding them quickly. FASSFuzzer uses ADB to quickly detect null pointer dereference vulnerabilities in Android services. FASSFuzzer also automatically detects when a vulnerability has been triggered, so that the whole vulnerability mining process runs fully automatically, and it automatically generates a vulnerability mining report once mining is complete.