AuDroid security system prevents audio attacks at the device level
Tue 5 Apr 2016
With increasing consumer interaction with voice control for smartphone and wearable devices, researchers have drawn attention to the security failings of current mobile operating systems at managing audio, enabling malicious parties to exploit communication channels and trick devices into compromising user privacy and performing unauthorised operations.
Previous work to explore audio attack prevention has proposed adjusting individual apps, but such methods are app-specific [PDF] rather than system-wide. Other research [PDF] has allowed users to replace audio information with fake data to prevent leaks – these countermeasures however have been found to impact the functionality of apps.
Concerned by this challenge, a joint team from The Pennsylvania State University and the University of Oxford have devised a security mechanism which tracks the creation of audio communication channels and controls these information flows across the entire device.
The system, referred to as AuDroid, is an extension to the SELinux reference monitor and is integrated into the Android operating system’s Media Server, which enables it to control access to the microphone and speaker.
In the paper, titled AuDroid: Preventing Attacks on Audio Channels in Mobile Devices [PDF], the team explains that the software works by enforcing lattice security policies over the system’s audio resources. Once an error is detected, the user is alerted to the unsafe flows and is given the opportunity to approve them.
Tested across 17 widely-used apps, including WhatsApp, Facebook, Skype, Spotify and Snapchat, the researchers found that AuDroid was able to effectively prevent attacks on audio channels, without hampering the performance of the apps in question. The scientists first identified three types of audio channels: Speaker to microphone, speaker to external party and external party to microphone. Next, the team outlined a number of different scenarios where these channels could be exploited, including malicious voice commands and eavesdropping.
In one test a malicious app was developed to play voice security-sensitive commands to the target device, such as ‘Listen to voicemail’, ‘Show me my flights’ and ‘Open my Facebook’. Traditional isolation of access was found not to prevent attacks in this instance as it does not consider audio channels involving third parties, with AuDroid however the unsafe flow was immediately detected as originating from a ‘low-integrity’ source targeting a ‘high-integrity’ process (high-secrecy system app.)
The AuDroid mechanism was applied specifically to Android OS due to its open source availability and its wide share in the mobile device market. The team hopes to extend the system to other mobile operating systems in the future, such as iOS and Windows Phone.