TY - JOUR
T1 - An Android-based Trojan Spyware to Study the NotificationListener Service Vulnerability
AU - Abualola, Huda
AU - Alhawai, Hessa
AU - Kadadha, Maha
AU - Otrok, Hadi
AU - Mourad, Azzam
N1 - Funding Information:
This work has been supported by Khalifa University of Science, Technology & Research (KUSTAR), the Associated Research Unit of the National Council for Scientific Research, CNRS-Lebanon, and Lebanese American University (LAU).
Publisher Copyright:
© 2016 The Authors.
PY - 2016
Y1 - 2016
N2 - Security attacks continue to emerge on daily basis due to the fast growth in the number of smart devices and mobile applications. Attacks take different malware forms such as Spyware and Trojan exploiting different operating system vulnerabilities, specially the well known vulnerable operating system; Android OS. In this paper, we study the malicious use of the "NotificationListener" service in Android 4.3 and 5.0. A Trojan application, known as SMS backup, is developed to spy the notifications of other applications. Such an application requires only two permissions that include "Notification Access" and "Internet". These permissions are used to extract and send user's messages of other applications to the attacker's email through Internet. Our malware is able to alter and/or delete the notification before being displayed. For experimental results, the malware was tested against notifications of WhatsApp, BBM, SMS, and Facebook messenger using different Android versions including Lollipop 5.0. Experiments show that our malware succeeded against all the tested applications running Android version 4.3. Moreover, BBM and SMS messages are still extractable in the newer version of Android (Lollipop 5.0).
AB - Security attacks continue to emerge on daily basis due to the fast growth in the number of smart devices and mobile applications. Attacks take different malware forms such as Spyware and Trojan exploiting different operating system vulnerabilities, specially the well known vulnerable operating system; Android OS. In this paper, we study the malicious use of the "NotificationListener" service in Android 4.3 and 5.0. A Trojan application, known as SMS backup, is developed to spy the notifications of other applications. Such an application requires only two permissions that include "Notification Access" and "Internet". These permissions are used to extract and send user's messages of other applications to the attacker's email through Internet. Our malware is able to alter and/or delete the notification before being displayed. For experimental results, the malware was tested against notifications of WhatsApp, BBM, SMS, and Facebook messenger using different Android versions including Lollipop 5.0. Experiments show that our malware succeeded against all the tested applications running Android version 4.3. Moreover, BBM and SMS messages are still extractable in the newer version of Android (Lollipop 5.0).
KW - Android
KW - Mobile spy
KW - Notification
KW - Spyware
KW - Trojan
UR - http://www.scopus.com/inward/record.url?scp=84971228863&partnerID=8YFLogxK
U2 - 10.1016/j.procs.2016.04.210
DO - 10.1016/j.procs.2016.04.210
M3 - Conference article
AN - SCOPUS:84971228863
SN - 1877-0509
VL - 83
SP - 465
EP - 471
JO - Procedia Computer Science
JF - Procedia Computer Science
T2 - 7th International Conference on Ambient Systems, Networks and Technologies, ANT 2016 and the 6th International Conference on Sustainable Energy Information Technology, SEIT 2016
Y2 - 23 May 2016 through 26 May 2016
ER -