posted on 2024-09-17, 01:59 authored by Joseph Guan Quan Lim, Zhen Yu Kwok, Isaac Soon, Jun Xian Yong, Samuel Song Yuhao, Siti Halilah Binte Rosley, Vivek Balachandran
<p dir="ltr">This paper investigates an underexplored avenue of cybersecurity threats in mobile computing, with a particular focus on the Android platform, which, due to its open nature and widespread adoption, is fertile ground for cyber threats. We present a Proof-of-Concept (PoC) Android application that, while ostensibly benign, can execute covert malicious operations by exploiting the permission-granting process. Specifically, the app manipulates accessibility permissions to autonomously acquire the additional permissions needed to execute unauthorized activities without the user's knowledge. The research outlines conditions for minimal detection risk, leveraging the times when users are less likely to interact with their devices. The study provides a deeper understanding of the abuse potential of Android's accessibility features and highlights the critical need for comprehensive security measures to counteract such exploitation.</p>