Knock-Knock: The unbearable lightness of Android Notifications
Constantinos Patsakis, Efthimios Alepis

TL;DR
This paper analyzes Android Notifications as a critical user interaction component, revealing security vulnerabilities that can be exploited for deception or denial of service, and proposes countermeasures.
Contribution
It uncovers security flaws in Android Notifications and introduces attack methods and countermeasures to enhance mobile security.
Findings
Notifications can be forged to deceive users.
Notifications can be manipulated to cause denial of service.
Proposed countermeasures improve notification security.
Abstract
Android Notifications can be considered essential parts of Human-Smartphone interaction and inextricable modules of modern mobile applications that can facilitate User Interaction and improve User Experience. This paper presents how this well-crafted and thoroughly documented mechanism, provided by the OS, can be exploited by an adversary. More precisely, we present attacks that result either in forging smartphone application notifications to lure the user into disclosing sensitive information, or in manipulating Android Notifications to launch a Denial of Service attack on the users' devices, locally and remotely, rendering them unusable. This paper concludes by proposing generic countermeasures for the discussed security threats.
Taxonomy
Topics: Advanced Malware Detection Techniques · User Authentication and Security Systems · Digital and Cyber Forensics
