An Attack-Defense Model for the Binder on the Android Kernel Level

In this paper, we consider to seek vulnerabilities and we conduct possible attacks on the crucial and essential parts of Android OSs architecture including the framework and the Android kernel layers. As a regard, we explain the Binder component of Android OS from security point of view. Then, we demonstrate how to penetrate into the Binder and control data exchange mechanism in Android OS by proposing a kernel level attack model based on the hooking method. In addition, we provide a method to detect these kinds of attacks on Android frameworks and the kernel layer. As a result, by implementing the attack model, it is illustrated that the Android processes are detectable and the data can be extracted from any process and system calls. On the other hand, by using our detection proposed method the possibility of using this attack approach in the installed applications on the Android smartphones will be sharply decreased.