Search for: All records

Android devices, handling sensitive data like call records and text messages, are prone to privacy breaches. Existing information flow tracking systems face difficulties in detecting these breaches due to two main challenges: the multi-layered Android platform using different programming languages (Java and C/C++), and the complex, event-driven execution flow of Android apps that complicates tracking, especially across these language barriers. Our system, DryJIN, addresses this by effectively tracking information flow within and across both Java and native modules. Utilizing symbolic execution for native code data flows and integrating it with Java data flows, DryJIN enhances existing static analysis techniques (Argus-SAF, JuCify, and FlowDroid) to cover previously unaddressed information flow patterns. We validated DryJIN ’s effectiveness through a comprehensive evaluation on over 168k apps, including malware and real-world apps, demonstrating its superiority over current state-of-the-art methods. 

Controller Area Network (CAN) is the de-facto standard in-vehicle network system. Despite its wide adoption by automobile manufacturers, the lack of security design makes it vulnerable to attacks. For instance, broadcasting packets without authentication allows the impersonation of electronic control units (ECUs). Prior mitigations, such as message authentication or intrusion detection systems, fail to address the compatibility requirement with legacy ECUs, stealthy and sporadic malicious messaging, or guaranteed attack detection. We propose a novel authentication system called ShadowAuth that overcomes the aforementioned challenges by offering backward-compatible packet authentication to ECUs without requiring ECU firmware source code. Specifically, our authentication scheme provides transparent CAN packet authentication without modifying existing CAN packet definitions (e.g., J1939) via automatic ECU firmware instrumentation technique to locate CAN packet transmission code, and instrument authentication code based on the CAN packet behavioral transmission patterns. ShadowAuth enables vehicles to detect state-of-the-art CAN attacks, such as bus-off and packet injection, responsively within 60ms without false positives. ShadowAuth provides a sound and deployable solution for real-world ECUs.