
Android Vulnerability Mining Technology Based On Fuzzing

Posted on: 2018-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: P Liu
Full Text: PDF
GTID: 2348330518498568
Subject: Engineering
Abstract/Summary:

The Android system contains a large number of system services, including audio and video system services, SMS system services, WIFI system services, and so on. Almost all applications depend on the support of system services. Because of attacks by malicious apps, the system faces security threats. Security vulnerabilities in system services arise for many reasons, including AIDL vulnerabilities and null pointer exceptions in interface function calls. In addition, the overall architecture of Android means that vulnerability mining tools built for other systems cannot be ported directly to Android. Fuzzing is an effective technique for finding security vulnerabilities in a system platform; applying fuzzing to Android and implementing a fuzzing-based vulnerability mining tool can effectively find flaws in Android services and improve the security of the Android system.

For the practice of mining security vulnerabilities in Android services, this paper proposes a mining method based on the Binder mechanism that combines a genetic algorithm with fuzzing. It also presents the design and implementation of BFDroid, a lightweight, cross-platform vulnerability mining tool.

In the test data construction module, BFDroid first enumerates the function call interfaces of the system services and parses the original data: the system service name, the interface name, and the number and types of the parameters. This data is stored in an SQLite database for later use. Finally, the crossover and mutation operators of the genetic algorithm process the original data in the database to generate test data.

In the fuzzing process, BFDroid first uses Java reflection to obtain the IBinder handle of a system service, then uses Android's Binder mechanism to call the `transact(int code, Parcel data, Parcel reply, int flag)` function, passing in the constructed test data. In this way it fuzzes the system services and mines flaws in Android services.

The monitoring module tracks and analyzes the vulnerability mining process by using the log system to print the service name, the function interface name, and the parameters of each test.

BFDroid can mine vulnerabilities not only in the native system but also in third-party Android systems, and it does not need root access. Each version of the Android system, native or customized, contains about 90 system services and about 2000 system service methods. This paper tests 5 native Android system versions (Android 4.4.4, Android 5.1.1, Android 6.0.1, Android 7.0 and Android 7.1) as well as customized systems from third-party vendors, including Xiaomi MIUI OS and Meizu FLYME OS. So far, BFDroid has found a total of 20 vulnerabilities in the native Android system and 12 vulnerabilities in customized Android systems. Google, Xiaomi, Meizu and other manufacturers have initially confirmed the submitted vulnerabilities; the vulnerability submitted to Meizu was identified as a high-risk vulnerability, and the one submitted to Xiaomi was certified as a dangerous vulnerability. The experimental results show that the vulnerability mining tool BFDroid can fully mine vulnerabilities in Android services and improve the security of the Android system.
Keywords/Search Tags: Android, Genetic algorithm, Binder, security vulnerabilities