Security considerations related to the use of mobile devices in the operation of critical infrastructures

An increasing number of attacks by mobile malware have begun to target critical infrastructure assets. Since malware attempts to defeat the security mechanisms provided by an operating system, it is of paramount importance to understand the strengths and weaknesses of the security frameworks of mobile device operating systems such as Android. Many recently discovered vulnerabilities suggest that security issues may be hidden in the cross-layer interplay between the Android layers and the underlying Linux kernel. This paper presents an empirical security evaluation of the interactions between Android layers. The experiments indicate that the Android Security Framework does not discriminate between callers of invocations to the Linux kernel, thereby enabling Android applications to directly interact with the kernel. This paper shows how this trait allows malware to adversely affect the security of mobile devices by exploiting previously unknown vulnerabilities unveiled by analyses of the Android interplay. The impact of the resulting attacks on critical infrastructures is discussed. Finally, an enhancement to the Android Security Framework is proposed for detecting and preventing direct kernel invocations by applications, thereby dramatically reducing the impact of malware.