Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment

Daoyuan Wu, Debin Gao, R. Chang, En He, E. Cheng, R. Deng
{"title":"Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment","authors":"Daoyuan Wu, Debin Gao, R. Chang, En He, E. Cheng, R. Deng","doi":"10.14722/NDSS.2019.23171","DOIUrl":null,"url":null,"abstract":"—Open TCP/UDP ports are traditionally used by servers to provide application services, but they are also found in many Android apps. In this paper, we present the first open- port analysis pipeline, covering the discovery, diagnosis, and security assessment, to systematically understand open ports in Android apps and their threats. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. Over a period of ten months, we have collected over 40 million port monitoring records from 3,293 users in 136 countries worldwide, which allow us to observe the actual execution of open ports in 925 popular apps and 725 built-in system apps. The crowdsourcing also provides us a more accurate view of the pervasiveness of open ports in Android apps at 15.3%, much higher than the previous estimation of 6.8%. We also develop a new static diagnostic tool to reveal that 61.8% of the open-port apps are solely due to embedded SDKs, and 20.7% suffer from insecure API usages. Finally, we perform three security assessments of open ports: (i) vulnerability analysis revealing five vulnerability patterns in open ports of popular apps, e.g., Instagram, Samsung Gear, Skype, and the widely-embedded Facebook SDK, (ii) inter-device connectivity measurement in 224 cellular networks and 2,181 WiFi networks through crowdsourced network scans, and (iii) experimental demonstration of effective denial-of-service attacks against mobile open ports.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2019 Network and Distributed System Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/NDSS.2019.23171","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 19

Abstract

—Open TCP/UDP ports are traditionally used by servers to provide application services, but they are also found in many Android apps. In this paper, we present the first open- port analysis pipeline, covering the discovery, diagnosis, and security assessment, to systematically understand open ports in Android apps and their threats. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. Over a period of ten months, we have collected over 40 million port monitoring records from 3,293 users in 136 countries worldwide, which allow us to observe the actual execution of open ports in 925 popular apps and 725 built-in system apps. The crowdsourcing also provides us a more accurate view of the pervasiveness of open ports in Android apps at 15.3%, much higher than the previous estimation of 6.8%. We also develop a new static diagnostic tool to reveal that 61.8% of the open-port apps are solely due to embedded SDKs, and 20.7% suffer from insecure API usages. Finally, we perform three security assessments of open ports: (i) vulnerability analysis revealing five vulnerability patterns in open ports of popular apps, e.g., Instagram, Samsung Gear, Skype, and the widely-embedded Facebook SDK, (ii) inter-device connectivity measurement in 224 cellular networks and 2,181 WiFi networks through crowdsourced network scans, and (iii) experimental demonstration of effective denial-of-service attacks against mobile open ports.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
理解Android应用程序中的开放端口:发现、诊断和安全评估
开放的TCP/UDP端口通常用于服务器提供应用程序服务,但它们也存在于许多Android应用程序中。在本文中,我们提出了第一个开放端口分析管道,涵盖发现,诊断和安全评估,以系统地了解Android应用程序中的开放端口及其威胁。我们设计并部署了一个新颖的设备上众包应用程序及其服务器端分析引擎,以持续监控开放端口。在10个月的时间里,我们从全球136个国家的3293个用户中收集了超过4000万个端口监控记录,这使我们能够观察925个流行应用程序和725个内置系统应用程序中开放端口的实际执行情况。众包还为我们提供了一个更准确的视角,即Android应用中开放端口的普及率为15.3%,远高于之前估计的6.8%。我们还开发了一个新的静态诊断工具,以揭示61.8%的开放端口应用仅仅是由于嵌入式sdk, 20.7%的应用遭受不安全的API使用。最后,我们对开放端口进行了三项安全评估:(i)漏洞分析,揭示了流行应用程序(如Instagram、Samsung Gear、Skype和广泛嵌入的Facebook SDK)开放端口中的五种漏洞模式;(ii)通过众包网络扫描对224个蜂窝网络和2181个WiFi网络进行设备间连接测量;(iii)对移动开放端口进行有效拒绝服务攻击的实验演示。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Network and System Security: 17th International Conference, NSS 2023, Canterbury, UK, August 14–16, 2023, Proceedings Network and System Security: 16th International Conference, NSS 2022, Denarau Island, Fiji, December 9–12, 2022, Proceedings Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings Network and System Security: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1