Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Author(s): Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang, Carl A Gunter

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

We found that today’s Android design allows an app with a Bluetooth permission to gain unauthorized access to any Bluetooth devices (particularly healthcare devices) and also misbind the phone with an attack device to inject data to the official apps of the original devices. We also developed an OS-level protection to address this new challenge.