Mobile Interface Security Analysis

Abstract

AbstractSmartphones have become the dominant computing platform for the world~s population, and have been almost universally adopted within the United States. Amongst the armed forces, smartphones have also become ubiquitous and have been proposed as a means for delivering command-and control and situation awareness data. It is thus critically important to ensure thatthese mobile devices can be protected from remote exploit. There are already a substantial number of remote-facing interfaces exposed by mobile devices such as smartphones; the security of these interfaces is not well understood, and their number is growing. The goal of this project is to expand on our characterization of the AT command interface on mobile devices, which wehave shown to provide arbitrary undocumented functionality in Android devices, such as the ability to remotely allow bypassing authentication screens and allowing remote touchscreen injection attacks. Specifically, this proposal seeks to evaluate additional interfaces including Bluetooth and cellular basebands, neither of which have been comprehensively assessed, and to examine new devices and the functionality that they expose. In the option period, we plan toexpand our investigation to consider forthcoming remote access protocols, develop and characterize a comprehensive threat model for interface attacks, develop proof-of-concept exploits, and assess emerging mitigations, while expanding our inquiry into Android devices to consider Apple iOS devices as well. By the end of our proposed work, we plan to have developed deployable technologies for assessing vulnerabilities and mitigations that can be transitioned to use by the Navy to protect warfighters in the field.

Document Details

Document Type

DoD Grant Award

Publication Date

Feb 17, 2020

Source ID

N000142012205

Entities

Tags