Exception beyond Exception: Crashing Android System by Trapping in "Uncaught Exception"
Published in | 2017 IEEE/ACM 39th International Conference on Software Engineering: Software Engineering in Practice Track (ICSE-SEIP) pp. 283 - 292 |
---|---|
Main Authors | , , , , , , |
Format | Conference Proceeding |
Language | English |
Published | IEEE 01.05.2017 |
Summary: | Android is characterized as a complicated open source software stack created for a wide array of devices with different form factors, whose latest release has over one hundred million lines of code. Such code is mainly developed in the Java language, which builds complicated logic and brings implicit information flows among components and the inner framework. By studying the source code of system service interfaces, we discovered an unknown type of code flaw, named the uncaughtException flaw, caused by poorly implemented exceptions that could crash the system and leave it vulnerable to system-level Denial-of-Service (DoS) attacks. We found that exceptions are used to handle errors and other exceptional events, but sometimes they kill critical system services unexpectedly. We designed and implemented ExHunter, a new tool for automatic detection of this uncaughtException flaw by dynamically reflecting service interfaces, continuously fuzzing parameters and verifying the running logs. On 11 new popular Android devices, ExHunter extracted 1045 system services, reflected 758 suspicious functions, discovered 132 uncaughtException flaws, which are 0-day vulnerabilities that have never been known before, and generated 275 system DoS attack exploitations. The results showed that: (1) almost every type of Android phone suffers from this flaw, (2) the flaws differ from phone to phone, and (3) all the vulnerabilities can be exploited by direct/indirect trapping. To mitigate uncaughtException flaws, we further developed ExCatcher to re-catch the exceptions. Finally, we informed four internationally renowned manufacturers and provided secure improvements in their commercial phones. |
---|---|
DOI: | 10.1109/ICSE-SEIP.2017.12 |