Modern mobile platforms, in particular smartphones such as the Apple iPhone, Google Android phones, RIM BlackBerry, or Nokia phones (based on Maemo/MeeGo), have become an integral part of our daily private and business life. In particular, the “App Store” concept, a software marketplace maintained by the smartphone OS manufacturer, is very popular among end-users. Basically, it allows end-users to download and install many different kinds of third-party applications, either for free or for a low fee. However, app stores also involve a number of privacy and security risks: Does my new app access my private data, e.g., my address book? Does it really perform the actions it is supposed to perform? Does it suffer from a vulnerability or bug that an adversary can remotely exploit? Can it disrupt or compromise other applications on my device? Recent attacks based on techniques such as code injection, return-oriented programming, or malware show that the security architectures of modern smartphones do not adequately address these questions. This often allows adversaries to fully compromise the device. Moreover, the underlying operating system kernel often suffers from several vulnerabilities that allow privilege escalation attacks, e.g., rooting the device via a jailbreak. Addressing these questions and attacks is one of the main research topics of the System Security Lab.
Our research targets well-known smartphone operating systems such as iOS, the BlackBerry OS, Nokia Maemo and MeeGo, and the open source Google Android OS. We currently focus strongly on Android for several reasons: Android is open source, which allows us to directly implement and test new security mechanisms. Further, there are already several research results available on enhancing Android’s security architecture, which makes Android more attractive for our future research.
- Current Projects
- Finalized Projects
- On-Board Credentials (Nokia Project)