Why Software DoS Is Hard to Fix: Denying Access in Embedded Android Platforms

  • Ryan JohnsonEmail author
  • Mohamed Elsabagh
  • Angelos Stavrou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9696)


A new class of software Denial of Service (DoS) attacks against Android platforms was recently discovered, where the attacks can force the victim device unresponsive, target and terminate other applications on the device, and continuously soft reboot the device [26]. After Google was informed of these DoS attacks, their attempt to resolve the problem did not adequately address the fundamental underlying attack principles. In this paper, we show that engineering software DoS defenses is challenging, especially for embedded and resource-constrained devices. To support our findings, we detail a revised DoS attack strategy for the latest version of Android. For our experimental evaluation, we demonstrate that the new class of DoS attacks are even more damaging to embedded Android devices. As part of our proof-of-concept attacks, we were able to render the Sony Bravia XBR-43X830C Android TV and the Amazon Fire TV Stick 1st generation devices permanently unusable. In addition, other devices, including the Moto 360 1st generation smartwatch, required flashing firmware images, whereas the Nvidia Shield Android TV and the Amazon Fire 7\(''\) Tablet required a factory reset to recover. Our attack is applicable to most Android devices and requires manual intervention to attempt to recover the device. The proposed attack strategy is more debilitating to devices that do not provide means for the end-user to easily access safe mode, recovery mode, or the ability flash firmware images. To mitigate the attack, we created an open-source defense application that has a 100 % prevention rate after a single soft reboot of the device while incurring less than 1.6 % performance overhead.


Android Dos attack Dos defense Mobile security 


  1. 1.
    Accessing SATV stock Recovery — nVidia Shield Android TV.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
  6. 6.
  7. 7.
    Android Debug Bridge — Android Developers.
  8. 8.
  9. 9.
    endlessrecursion/antireboot: A standalone App to defend againstreboot cycle DoS Attacks on Android.
  10. 10.
  11. 11.
  12. 12.
    Moto 360 adapter usb cable — How to Root Android.
  13. 13.
  14. 14.
    SONY — eSupport - How to reset the Android TV to factorysettings.
  15. 15.
    Antunes, J., Neves, N.F., Veríssimo, P.J.: Detection and prediction of resource-exhaustion vulnerabilities. In: 19th International Symposium on Software Reliability Engineering, ISSRE 2008, pp. 87–96. IEEE (2008)Google Scholar
  16. 16.
    Armando, A., Merlo, A., Migliardi, M., Verderame, L.: Would you mind forking this process? a denial of service attack on android (and some countermeasures). In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 13–24. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    Azim, T., Neamtiu, I.: Targeted and depth-first exploration for systematic testing of android apps. In: Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications, OOPSLA 2013, pp. 641–660. ACM (2013)Google Scholar
  18. 18.
    Bhattacharya, P., Yang, L., Guo, M., Qian, K., Yang, M.: Learning mobile security with labware. Secur. Priv. IEEE 12(1), 69–72 (2014)CrossRefGoogle Scholar
  19. 19.
    Chang, R., Jiang, G., Ivančić, F., Sankaranarayanan, S., Shmatikov, V.: Inputs of coma: static detection of denial-of-service vulnerabilities. In: Computer Security Foundations Symposium, CSF2009, 22nd IEEE, pp. 186–199. IEEE (2009)Google Scholar
  20. 20.
    Chen, X., Ding, N., Jindal, A., Hu, Y.C., Gupta, M., Vannithamby, R.: Smartphone energy drain in the wild: analysis and implications. In: Proceedings of the 2015 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, pp. 151–164. ACM (2015)Google Scholar
  21. 21.
    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, MobiSys 2011, pp. 239–252, ACM (2011)Google Scholar
  22. 22.
    Elsabagh, M., Barbará, D., Fleck, D., Stavrou, A.: Radmin: early detection of application-level resource exhaustion and starvation attacks. In: Bos, H., Monrose, F., Blanc, G. (eds.) Raid 2015. LNCS, vol. 9404, pp. 515–537. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-26362-5_24 CrossRefGoogle Scholar
  23. 23.
    Fedler, R., Schütte, J., Kulicke, M.: On the effectiveness of malware protection on android. Technical Report, Fraunhofer AISEC, Berlin (2013)Google Scholar
  24. 24.
    Groza, B., Minea, M.: Formal modelling and automatic detection of resource exhaustion attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 326–333. ACM (2011)Google Scholar
  25. 25.
    Huang, H., Zhu, S., Chen, K., Liu, P.: From system services freezing to system server shutdown in android: all you need is a loop in an app. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1236–1247. ACM (2015)Google Scholar
  26. 26.
    Johnson, R., Elsabagh, M., Stavrou, A., Sritapan, V.: Targeted DoS on android: how to disable android in 10 seconds or less. In: Proceedings of the 10th International Conference on Malicious and Unwanted Software, pp. 239–252 (2015)Google Scholar
  27. 27.
    Liu, X., Yang, X., Lu, Y.: To filter or to authorize: network-layer dos defense against multimillion-node botnets. ACM SIGCOMM Comput. Commun. Rev. 38(4), 195–206 (2008)CrossRefGoogle Scholar
  28. 28.
    Peng, T., Leckie, C., Ramamohanarao, K.: Survey of network-based defense mechanisms countering the dos and ddos problems. ACM Comput. Surv. 39(1), 3 (2007)CrossRefGoogle Scholar
  29. 29.
    Potharaju, R., Newell, A., Nita-Rotaru, C., Zhang, X.: Plagiarizing smartphone applications: attack strategies and defense techniques. In: Barthe, G., Livshits, B., Scandariato, R. (eds.) ESSoS 2012. LNCS, vol. 7159, pp. 106–120. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  30. 30.
    Vidas, T., Christin, N.: Sweetening android lemon markets: measuring and combating malware in application marketplaces. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, CODASPY 2013, pp. 197–208. ACM (2013)Google Scholar
  31. 31.
    Xiao, B., Chen, W., He, Y.: An autonomous defense against syn flooding attacks: detect and throttle attacks at the victim side independently. J. Parallel Distrib. Comput. 68(4), 456–470 (2008)CrossRefzbMATHGoogle Scholar
  32. 32.
    Yang, G., Gerla, M., Sanadidi, M.: Defense against low-rate tcp-targeted denial-of-service attacks. In: Proceedings of the Ninth International Symposium on Computers and Communications, ISCC 2004, vol. 1, pp. 345–350. IEEE (2004)Google Scholar
  33. 33.
    Yang, X., Wetherall, D., Anderson, T.: A dos-limiting network architecture. In: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM 2005, pp. 241–252. ACM (2005)Google Scholar
  34. 34.
    Zheng, M., Sun, M., Lui, J.: Droid Analytics: a signature based analytic system to collect, extract, analyze and associate android malware. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 163–171, July 2013Google Scholar
  35. 35.
    Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, CODASPY 2012, pp. 317–326 (2012)Google Scholar
  36. 36.
    Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95–109, May 2012Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Ryan Johnson
    • 1
    • 2
    Email author
  • Mohamed Elsabagh
    • 1
  • Angelos Stavrou
    • 1
    • 2
  1. 1.George Mason UniversityFairfaxUSA
  2. 2.KryptowireFairfaxUSA

Personalised recommendations