GARMDROID: IoT Potential Security Threats Analysis Through the Inference of Android Applications Hardware Features Requirements
Applications and services based on the Internet of Things (IoT) are increasingly vulnerable to disruption from attack or information theft. Developers and researchers attempt to prevent the growth of such disruption models, mitigate and limit their impact. Meeting these challenges requires understanding the characteristics of things and the technologies that empower the IoT since traditional protection mechanisms are not enough. Moreover, as the growth in mobile device market is pushing the deployment of the IoT, tools and mechanisms to evaluate, analyze and detect security threats in these devices are strongly required. In this context, this paper presents a web tool, named GARMDROID, aimed to help IoT software developers and integrators to evaluate IoT security threats based on the visualization of Android application hardware requests. This procedure is based on the static analysis of permissions requested by Android applications.
KeywordsInternet of Things Android Security threats
This material is based on work supported by the Mexican National Council of Science and Technology (CONACYT) under grant 216747. Also the authors acknowledge support from IPN under grant SIP-20161697.
- 2.Childs, D., Gilliland, A., Gorenc, B., Goudey, H., Gunn, A., Hoole, A., Lancaster, J., Muthurajan, S., Wook, Oh, J., Tsipenyuk O’Neil, Y., Park, J., Petrovsky, O., Sechman, J., Shah, N., Sotack, T., Svajcer, V.: The HPE Cyber Risk Report 2015. HP (2015)Google Scholar
- 3.Gartner: Gartner Says Worldwide Smartphone Sales Recorded Slowest Growth Rate Since 2013, 6 January 2016. http://www.gartner.com/newsroom/id/3115517
- 4.Wikipedia: Garmr. 15 November 2015. https://en.wikipedia.org/wiki/Garmr
- 5.Milette, G., Stroud, A.: Professional Android Sensor Programming. Wiley, Indianapolis (2012)Google Scholar
- 6.Android developers: uses-features, 10 December 2015. http://developer.android.com/intl/es/guide/topics/manifest/uses-feature-element.html
- 7.Embarcadero: Internet of Things Solutions, 2 January 2016. https://www.embarcadero.com/solutions/internet-of-things
- 8.Phifer, L.: Top 10 Android Security Risks, 14 May 2015. http://www.esecurityplanet.com/views/article.php/3928646/Top-10-Android-Security-Risks.htm
- 9.Kendall, K.: Practical Malware Analysis, 07 May 2015. https://www.blackhat.com/presentations/bh-dc-07/Kendall_McMillan/Paper/bh-dc-07-Kendall_McMillan-WP.pdf
- 10.Childs, D., Gilliland, A., Gorenc, B., Goudey, H., Gunn, A., Hoole, A., Lancaster, J.: Cyber Risk Report 2015 Hewlett-Packard. Technical report, HP Security Research (2015)Google Scholar
- 12.Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Computer Security Applications Conference 2007, ACSAC 2007, pp. 421–430 (2007)Google Scholar
- 13.VirusTotal, 05 December 2015. https://www.virustotal.com/es-mx/