Why Software DoS Is Hard to Fix: Denying Access in Embedded Android Platforms

Conference paper

DOI: 10.1007/978-3-319-39555-5_11

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9696)
Cite this paper as:
Johnson R., Elsabagh M., Stavrou A. (2016) Why Software DoS Is Hard to Fix: Denying Access in Embedded Android Platforms. In: Manulis M., Sadeghi AR., Schneider S. (eds) Applied Cryptography and Network Security. ACNS 2016. Lecture Notes in Computer Science, vol 9696. Springer, Cham

Abstract

A new class of software Denial of Service (DoS) attacks against Android platforms was recently discovered, where the attacks can force the victim device unresponsive, target and terminate other applications on the device, and continuously soft reboot the device [26]. After Google was informed of these DoS attacks, their attempt to resolve the problem did not adequately address the fundamental underlying attack principles. In this paper, we show that engineering software DoS defenses is challenging, especially for embedded and resource-constrained devices. To support our findings, we detail a revised DoS attack strategy for the latest version of Android. For our experimental evaluation, we demonstrate that the new class of DoS attacks are even more damaging to embedded Android devices. As part of our proof-of-concept attacks, we were able to render the Sony Bravia XBR-43X830C Android TV and the Amazon Fire TV Stick 1st generation devices permanently unusable. In addition, other devices, including the Moto 360 1st generation smartwatch, required flashing firmware images, whereas the Nvidia Shield Android TV and the Amazon Fire 7\(''\) Tablet required a factory reset to recover. Our attack is applicable to most Android devices and requires manual intervention to attempt to recover the device. The proposed attack strategy is more debilitating to devices that do not provide means for the end-user to easily access safe mode, recovery mode, or the ability flash firmware images. To mitigate the attack, we created an open-source defense application that has a 100 % prevention rate after a single soft reboot of the device while incurring less than 1.6 % performance overhead.

Keywords

Android Dos attack Dos defense Mobile security 

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Ryan Johnson
    • 1
    • 2
  • Mohamed Elsabagh
    • 1
  • Angelos Stavrou
    • 1
    • 2
  1. 1.George Mason UniversityFairfaxUSA
  2. 2.KryptowireFairfaxUSA

Personalised recommendations