Publikation

A framework for on-device privilege escalation exploit execution

Outline:

S. Höbarth, R. Mayrhofer - A framework for on-device privilege escalation exploit execution - Proceedings on 3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (IWSSI 2011), San Francisco, Vereinigte Staaten von Amerika, 2011

Abstract:

Exploits on mobile phones can be used for various reasons; a benign one may be to achieve system-level access on a device that was locked by the manufacturer or service provider (also known as `jailbreaking' or `rooting'), while potentially malicious reasons are manifold. Independently of the use case however, a specific exploit is not sufficient to achieve the desired access rights. Typically, exploits provide {temporary privilege escalation} immediately after their execution. To provide additional access to applications, permanent privilege escalation is required -- in the benign case, including secure access control for the user to decide which (parts of) applications are granted elevated access. In this paper, we present a framework that can use arbitrary temporary exploits on Android devices to achieve permanent `root' capabilities for select (parts of) applications.