| Android platform has the biggest market share of the mobile intelligent terminal platforms inrecent years. At the same time, it has the largest number of malicious software among all the mobileplatforms. Therefore, the study of Android platform security has become the research focus in thefield of information security.Based on the depth study and analysis of the security mechanisms ofAndroid permission, the defects and disadvantages have been found. Through privilege escalationtechnology, program’s permission can be escalated to the highest permission, namely rootpermission, so that the program can get access to arbitrary files in Android device.The core research point of permission escalation technology in this paper is the privilegeescalation vulnerabilities on Android platform.The privilege escalation vulnerabilities on Androidplatform can divid into two groups to study. One is vulnerabilities from Android operating systemand the other is vulnerabilities from Linux operating system. This paper selected3most valuableprivilege escalation vulnerabilities as study objects and focused on their exploiting principles andexploiting scripts. Exploiting scripts constructed specific code to trigger the vulnerability in order toescalate the permission, so that the lower permission program can also performed the codes whichonly root users can execute. At last, this paper make use of the above3vulnerabilities to realized anAndroid platform permission escalation tool called PETA(Permission Escalation Tool forAndroid-platform). The PETA tool will write special files to the Android device to get rootpermission after performing the exploiting scripts.ZergRush, Exynos and Getuser are the3vulnerabilities of PETA tool, covering Android2.x and4.x version, and several devices with Samsung Exynos processor. In theory, PETA applies to morethan90%Android devices. Experimental results show that the PETA tool has a wide applicationrange, a very high rate of success and a fast running speed. |
PDF Full Text Request