====== 11. Android Vulnerabilities,​ Exploits and Malware ====== 
Presentations of student assignments. 
===== Assignment (1p) ====== 
Describe in detail a known vulnerability and exploit / attack / malware, for a mobile device. Any attack surface may be considered: mobile OS, wireless communication,​ system services, applications,​ etc. 
The document should have 1-2 pages and include: targeted mobile OS and version, attack surface, exploited vulnerability,​ attack/​malware architecture,​ implementation details. Upload the document [[http://​cs.curs.pub.ro/​2017/​mod/​assign/​view.php?​id=6268|here]]. 
The presentation must summarise the attack description and implementation. As a bonus, it may also include a demo of the attack. 
* Description - 0.6p 
* Presentation - 0.4p 
* Implementation - 0.5p (bonus) 
Deadlines: 
* Document - May 19th 
* Presentation - May 21st,22nd 
* [[https://​www.usenix.org/​system/​files/​conference/​woot17/​woot17-paper-hay.pdf|Android Bootloader Vulnerabilities in Vendor Customizations]] 
* [[https://​www.usenix.org/​system/​files/​conference/​usenixsecurity16/​sec16_paper_lipp.pdf|ARMageddon:​ Cache Attacks on Mobile Devices]] 
* [[https://​arxiv.org/​pdf/​1611.03748.pdf|Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices]] 
* [[http://​faculty.ecnu.edu.cn/​picture/​article/​2990/​7e/​2e/​0713fd44474e863e016daf2cc4ba/​1ef645ea-c487-44b2-9b8a-c962ee92275c.pdf|Mobile Application Security: Malware Threats and Defenses]] 
* [[https://​pdfs.semanticscholar.org/​57ca/​94653a5d440a7d5574b8d400f4e055eea7f5.pdf|A Survey on Smartphones Security: Software Vulnerabilities,​ Malware, and Attacks]] 
* [[http://​romisatriawahono.net/​lecture/​rm/​survey/​network%20security/​Peng%20-%20Smartphone%20Malware%20and%20Its%20Propagation%20Modeling%20-%202014.pdf|Smartphone Malware and Its Propagation Modeling: A Survey]] 
* Android Hacker's Handbook, Joshua J. Drake, 2014 
Warning: The assignment is individual. Copying text from other students or directly from documentation is not allowed. You should use your own words to explain what you have read.  
