A framework for on-device privilege escalation exploit execution on Android

TitleA framework for on-device privilege escalation exploit execution on Android
Publication TypeConference Paper
Year of Publication2011
AuthorsHöbarth, S., & Mayrhofer R.
Conference NameProc. {IWSSI/SPMU 2011}: 3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use, colocated with {Pervasive 2011}
Date PublishedJune
Abstract

Exploits on mobile phones can be used for various reasons; a benign one may be to achieve system-level access on a device that was locked by the manufacturer or service provider (also known as `jailbreaking' or `rooting'), while potentially malicious reasons are manifold. Independently of the use case however, a specific exploit is not sufficient to achieve the desired access rights. Typically, exploits provide \emph{temporary privilege escalation} immediately after their execution. To provide additional access to applications, \emph{permanent privilege escalation} is required – in the benign case, including secure access control for the user to decide which (parts of) applications are granted elevated access. In this paper, we present a framework that can use arbitrary temporary exploits on Android devices to achieve permanent `root' capabilities for select (parts of) applications.