Annual Computer Security Applications Conference (ACSAC) 2013

Full Program »

PatchDroid: Scalable Third-Party Security Patches for Android Devices

Android is currently the largest mobile platform with around 750 million devices worldwide. Unfortunately, more then 30% of all devices contain publicly known security vulnerabilities and, in practice, cannot be updated through normal mechanisms since they are not longer supported by the manufacturer and mobile operator. This failure of traditional patch distribution systems has resulted in the creation of a large population of vulnerable mobile devices. In this paper, we present PatchDroid, a system to distribute and apply third-party security patches for Android. Our system is designed for device-independent patch creation, and uses in-memory patching techniques to address vulnerabilities in both native and managed code. We created a fully usable prototype of PatchDroid, including a number of patches for well-known vulnerabilities in Android devices. We evaluated our system on different devices from multiple manufacturers and show that we can effectively patch security vulnerabilities on Android devices without impacting performance or usability. Therefore, PatchDroid represents a realistic path towards dramatically reducing the number of exploitable Android devices in the wild.

Author(s):

Collin Mulliner    
Northeastern University
United States

Jon Oberheide    
DuoSecurity
United States

William Robertson    
Northeastern University
United States

Engin Kirda    
Northeastern University
United States

 

Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC