Abstract
In current scenario, Android operating system powers billions of users, and everyday numerous Android devices are activated. Android OS bridging day-to-day communications covers 74.92% share in the mobile market with 2.6 million apps at the same time experiencing insecurity, threats and penetration. Attackers aim such systems to gain unauthorized access and accomplish malicious intent. Malwares act as an impetus to this and are evolving every day, as current status of malware development has noticed a huge rise of more than 46% detections and 400% rise since 2010. Researchers are constantly working over the requirements of detecting and developing antimalware techniques to curb these security leaks. Covert channel is one such way out for malwares causing to transmit sensitive data from source to sink unnoticed by users as well as state-of-the-art tools. However, these channels are often overlooked or bypassed from mobile security perspective when it comes to detection mechanisms or state-of-the-art tools. This paper aims at providing a detailed study in this direction, analyzing threats and hence directing toward a novel area of security in this regard. Also, this paper focuses on existing mitigation techniques and future requirements to discern and avert such attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Lu, X. et al.: PRADA: prioritizing android devices for apps by mining large-scale usage data. In: 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE), Austin, TX, USA, pp. 3–13 (2016)
Samra, A.A.A., et al.: Analysis of clustering technique in android malware detection. In: Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, Taichung, Taiwan, pp. 729–733 (2013)
Mahindru et al.: FSDroid:—a feature selection technique to detect malware from android using machine learning techniques. Multimed. Tools Appl., pp. 1–53 (2021)
Enck, W., et al.: A study of android application security. In: Proceedings of the 20th USENIX Security Symposium (2011)
Zhou, Y., et al.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp. 95–109(2012)
Lalande, J., et al.: Hiding privacy leaks in android applications using low-attention raising covert channels. In: International Conference on Availability, Reliability and Security, Regensburg, Germany, pp. 701–710 (2013)
Quang Do, S.et al.: Exfiltrating data from android devices. Comput. Secur., 48, 74–91 (2015)
Roman et al.: Soundcomber: a stealthy and contextaware sound trojan for smartphones. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, pp. 17–33 (2011)
Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32(2), 5.1–5.29 (2014)
Arzt, S. et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, vol. 49, no. 6, pp. 259–269 (2014)
Faruki, P., et al.: Android security: a survey of issues, malware penetration, and defenses. IEEE Commun. Surv. Tutorials 17(2), 998–1022 (2015)
Faruki, P., Ganmoor, V., Laxmi, V., Gaur, M.S., Bharmal, A.: AndroSimilar: robust statistical feature signature for Android Malware detection. In: Eli, A., Gaur, M. S., Orgun, M. A., Makarevich, O. B. (eds.) SIN, ACM, pp. 152–159 (2013)
Zheng, M., Sun, M., Lui, J. C. S.: DroidAnalytics: a signature based analytic system to collect, extract, analyze and associate Android Malware, CoRR abs/1302.7212
Talha, K.A., Alper, D.I., Aydin, C.: APK auditor: permission-based Android Malware detection system. Digit. Invest. 13, 1–14 (2015)
Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., Bringas, P.G., Alvarez, G.: PUMA: permission usage to detect malware in android. In: International Joint Conference CISIS12-ICEUTE’ 12-SOCO’ 12 Special Sessions, Springer, pp. 289–298 (2013)
Kim, J., Yoon, Y., Yi, K., Shin, J., Center, S.: ScanDal: static analyzer for detecting privacy leaks in Android applications. In: Proceedings of the Workshop on Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy, (2012)
Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior based Malware detection system for Android. In: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, ACM, pp. 15–26, (2011)
Ruiz-Heras, A., GarcĂa-Teodoro, P., Sánchez-Casado, L.: ADroid: anomaly-based detection of malicious events in Android platforms. Int. J. Inf. Secur. 16, 371–384 (2017)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R.: Xmandroid: a new android evolution to mitigate privilege escalation attacks (2011)
Yan, L.K., et al.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In: Proceedings of 21st USENIX Security Symposium, p. 29 (2012)
Girling, et al.: Covert Channles in LANs. IEEE Trans. Softw. Eng., SE-13(2) (1987)
Wolf, M.: Covert channels in LAN protocols. In: Proceedings on Workshop of Local Area Network Security (LANSEC), pp. 91–101 (1989)
Zander, S., et al.: A survey of covert channels and countermeasures in computer network protocols. IEEE Commun. Surv. Tutorials 9(3), 44–57 (2007)
Murdoch, S.J. et al.: Embedding covert channels into TCP/IP. In: Proceedings of 7th Information Hiding Workshop (2005)
Lucena, N.B., et al.: Covert channels in IPv6. In: Proceedings on Privacy Enhancing Technologies (PET), pp. 147–66 (20005)
Okamura, K. et al.: Load-based covert channels between Xen virtual machines. In: Proceedings on 2010 ACM Symposium on Applied Computing, pp. 173–180 (2010)
Cabuk, S., et al.: IP covert timing channels: design and detection. In: Proceedings on 11th ACM Conference of Computer and Communications Security (CCS), pp. 178–187 (2004)
Berk, V. et al.: Detection of covert channel encoding in network packet delays. Computer Science Technical Report TR2005–536 (2005)
Goher, S.Z., et al.: Covert channel detection: a survey based analysis. High Capacity Optical Networks and Emerging/Enabling Technologies, Istanbul, Turkey, pp. 057–065 (2012)
Deshotels, L.: Inaudible sound as covert channel in mobile devices. In: WOOT'14 Proceedings of the 8th USENIX Conference on Offensive Technologies, pp. 16.1–16.9 (2014)
Farshteindiker, B., Hasidim, N., Grosz, A., Oren, Y.: How to phone home with someone else’s phone: information exfiltration using intentional sound noise on gyroscopic sensors. In: Proceedings on USENIX Workshop Offensive Technol. (WOOT), pp. 1–10 (2016)
Chandra et al.: Towards a systematic study of the covert channel attacks in smartphones. In: International Conference on Security and Privacy in Communication Networks, pp. 427–435 (2014)
Zhao, M., Ge, F., Zhang, T., Yuan, Z.: AntiMalDroid: an efficient SVM-based malware detection framework for Android (2011)
Beresford, A. et al.: MockDroid: trading privacy for application functionality on smartphones. In: HotMobile ’11 Proceedings of 12th Workshop on Mobile Computing Systems and Applications, Phoenix, Arizona, pp. 49–54 (2011)
Yang, Z., et al.: LeakMiner: detect information leakage on Android with static taint analysis. In: 2012 Third World Congress on Software Engineering, Wuhan, China, pp. 101–104 (2012)
Li, L. et al.: IccTA: detecting inter-component privacy leaks in Android apps. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, Florence, vol. 1, pp. 280–291 (2015)
Clause, J., et al.: Dytan: a generic dynamic taint analysis framework. In: Proceedings of the International Symposium on Software Testing and Analysis, pp. 196–206 (2007)
Kiczales, G. et al.: Aspect-oriented programming. In: European Conference On Object-Oriented Programming. Springer, Berlin, Heidelberg, pp. 220–242 (1997)
Livshits, et al.: Reflection analysis for Java. In: Asian Symposium on Programming Languages and Systems, Springer, Berlin, Heidelberg, pp. 139–160 (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Pattani, K., Gautam, S. (2022). A Comprehensive Study on Mobile Malwares: Mobile Covert Channels—Threats and Security. In: Jabeen, S.D., Ali, J., Castillo, O. (eds) Soft Computing and Optimization. SCOTA 2021. Springer Proceedings in Mathematics & Statistics, vol 404. Springer, Singapore. https://doi.org/10.1007/978-981-19-6406-0_8
Download citation
DOI: https://doi.org/10.1007/978-981-19-6406-0_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-6405-3
Online ISBN: 978-981-19-6406-0
eBook Packages: Mathematics and StatisticsMathematics and Statistics (R0)