Singapore Institute of Technology

A-COPILOT: Android Covert Operation for Private Information Lifting and OTP Theft

conference contribution
posted on 2024-09-17, 01:59 authored by Joseph Guan Quan Lim, Zhen Yu Kwok, Isaac Soon, Jun Xian Yong, Samuel Song Yuhao, Siti Halilah Binte Rosley, Vivek Balachandran

This paper investigates an underexplored avenue of cybersecurity threats in mobile computing, with a particular focus on the Android platform, which, due to its open nature and widespread adoption, is fertile ground for cyber threats. We present a Proof-of-Concept (PoC) Android application that, while ostensibly benign, can execute covert malicious operations by exploiting the permission-granting process. Specifically, the app manipulates accessibility permissions to autonomously acquire the additional permissions needed to execute unauthorized activities without the user's knowledge. The research outlines conditions for minimal detection risk, leveraging the times when users are less likely to interact with their devices. The study provides a deeper understanding of the abuse potential of Android's accessibility features and highlights the critical need for comprehensive security measures to counteract such exploitation.

History

Journal/Conference/Book title

Fourteenth ACM Conference on Data and Application Security and Privacy

Publication date

2024-06-19

Version

  • Pre-print

Rights statement

© Owner/Author | ACM 2024. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CODASPY '24: Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy, http://dx.doi.org/10.1145/3626232.3658638.
