Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment

Daoyuan WU; Debin GAO; Rocky K. C. CHANG; En HE; Eric K. T. CHENG; Robert H. DENG

doi:10.14722/ndss.2019.23171

Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment

Daoyuan WU, Debin GAO, Rocky K. C. CHANG, En HE, Eric K. T. CHENG, Robert H. DENG

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

17 Citations (Scopus)

Abstract

Open TCP/UDP ports are traditionally used by servers to provide application services, but they are also found in many Android apps. In this paper, we present the first open-port analysis pipeline, covering the discovery, diagnosis, and security assessment, to systematically understand open ports in Android apps and their threats. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. Over a period of ten months, we have collected over 40 million port monitoring records from 3,293 users in 136 countries worldwide, which allow us to observe the actual execution of open ports in 925 popular apps and 725 built-in system apps. The crowdsourcing also provides us a more accurate view of the pervasiveness of open ports in Android apps at 15.3%, much higher than the previous estimation of 6.8%. We also develop a new static diagnostic tool to reveal that 61.8% of the open-port apps are solely due to embedded SDKs, and 20.7% suffer from insecure API usages. Finally, we perform three security assessments of open ports: (i) vulnerability analysis revealing five vulnerability patterns in open ports of popular apps, e.g., Instagram, Samsung Gear, Skype, and the widely-embedded Facebook SDK, (ii) inter-device connectivity measurement in 224 cellular networks and 2,181 WiFi networks through crowdsourced network scans, and (iii) experimental demonstration of effective denial-of-service attacks against mobile open ports.

Original language	English
Title of host publication	Proceedings: 2019 Network and Distributed Systems Security Symposium
Publisher	Internet Society
Chapter	Session 6B: Protocol Security
Number of pages	14
ISBN (Electronic)	189156255X
DOIs	https://doi.org/10.14722/ndss.2019.23171
Publication status	Published - 2019
Externally published	Yes
Event	Network and Distributed Systems Security (NDSS) Symposium 2019 - San Diego, United States Duration: 24 Feb 2019 → 27 Feb 2019

Conference

Conference	Network and Distributed Systems Security (NDSS) Symposium 2019
Country/Territory	United States
City	San Diego
Period	24/02/19 → 27/02/19

Bibliographical note

Acknowledgements:
We thank all the anonymous reviewers of this paper for their valuable comments.

Publisher Copyright:
© NDSS 2019.All rights reserved.

Funding

This work is partially supported by the Singapore National Research Foundation under NCR Award Number NRF2014NCR-NCR001-012, and the National Natural Science Foundation of China (Grant No. U1636205).

Access to Document

10.14722/ndss.2019.23171

Cite this

@inproceedings{ecf2e53098154fababecc47d83a7369b,

title = "Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment",

abstract = "Open TCP/UDP ports are traditionally used by servers to provide application services, but they are also found in many Android apps. In this paper, we present the first open-port analysis pipeline, covering the discovery, diagnosis, and security assessment, to systematically understand open ports in Android apps and their threats. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. Over a period of ten months, we have collected over 40 million port monitoring records from 3,293 users in 136 countries worldwide, which allow us to observe the actual execution of open ports in 925 popular apps and 725 built-in system apps. The crowdsourcing also provides us a more accurate view of the pervasiveness of open ports in Android apps at 15.3\%, much higher than the previous estimation of 6.8\%. We also develop a new static diagnostic tool to reveal that 61.8\% of the open-port apps are solely due to embedded SDKs, and 20.7\% suffer from insecure API usages. Finally, we perform three security assessments of open ports: (i) vulnerability analysis revealing five vulnerability patterns in open ports of popular apps, e.g., Instagram, Samsung Gear, Skype, and the widely-embedded Facebook SDK, (ii) inter-device connectivity measurement in 224 cellular networks and 2,181 WiFi networks through crowdsourced network scans, and (iii) experimental demonstration of effective denial-of-service attacks against mobile open ports.",

author = "Daoyuan WU and Debin GAO and CHANG, \{Rocky K. C.\} and En HE and CHENG, \{Eric K. T.\} and DENG, \{Robert H.\}",

note = "Acknowledgements: We thank all the anonymous reviewers of this paper for their valuable comments. Publisher Copyright: {\textcopyright} NDSS 2019.All rights reserved.; Network and Distributed Systems Security (NDSS) Symposium 2019 ; Conference date: 24-02-2019 Through 27-02-2019",

year = "2019",

doi = "10.14722/ndss.2019.23171",

language = "English",

booktitle = "Proceedings: 2019 Network and Distributed Systems Security Symposium",

publisher = "Internet Society",

}

WU, D, GAO, D, CHANG, RKC, HE, E, CHENG, EKT & DENG, RH 2019, Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment. in Proceedings: 2019 Network and Distributed Systems Security Symposium. Internet Society, Network and Distributed Systems Security (NDSS) Symposium 2019, San Diego, California, United States, 24/02/19. https://doi.org/10.14722/ndss.2019.23171

TY - GEN

T1 - Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment

AU - WU, Daoyuan

AU - GAO, Debin

AU - CHANG, Rocky K. C.

AU - HE, En

AU - CHENG, Eric K. T.

AU - DENG, Robert H.

PY - 2019

Y1 - 2019

N2 - Open TCP/UDP ports are traditionally used by servers to provide application services, but they are also found in many Android apps. In this paper, we present the first open-port analysis pipeline, covering the discovery, diagnosis, and security assessment, to systematically understand open ports in Android apps and their threats. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. Over a period of ten months, we have collected over 40 million port monitoring records from 3,293 users in 136 countries worldwide, which allow us to observe the actual execution of open ports in 925 popular apps and 725 built-in system apps. The crowdsourcing also provides us a more accurate view of the pervasiveness of open ports in Android apps at 15.3%, much higher than the previous estimation of 6.8%. We also develop a new static diagnostic tool to reveal that 61.8% of the open-port apps are solely due to embedded SDKs, and 20.7% suffer from insecure API usages. Finally, we perform three security assessments of open ports: (i) vulnerability analysis revealing five vulnerability patterns in open ports of popular apps, e.g., Instagram, Samsung Gear, Skype, and the widely-embedded Facebook SDK, (ii) inter-device connectivity measurement in 224 cellular networks and 2,181 WiFi networks through crowdsourced network scans, and (iii) experimental demonstration of effective denial-of-service attacks against mobile open ports.

AB - Open TCP/UDP ports are traditionally used by servers to provide application services, but they are also found in many Android apps. In this paper, we present the first open-port analysis pipeline, covering the discovery, diagnosis, and security assessment, to systematically understand open ports in Android apps and their threats. We design and deploy a novel on-device crowdsourcing app and its server-side analytic engine to continuously monitor open ports in the wild. Over a period of ten months, we have collected over 40 million port monitoring records from 3,293 users in 136 countries worldwide, which allow us to observe the actual execution of open ports in 925 popular apps and 725 built-in system apps. The crowdsourcing also provides us a more accurate view of the pervasiveness of open ports in Android apps at 15.3%, much higher than the previous estimation of 6.8%. We also develop a new static diagnostic tool to reveal that 61.8% of the open-port apps are solely due to embedded SDKs, and 20.7% suffer from insecure API usages. Finally, we perform three security assessments of open ports: (i) vulnerability analysis revealing five vulnerability patterns in open ports of popular apps, e.g., Instagram, Samsung Gear, Skype, and the widely-embedded Facebook SDK, (ii) inter-device connectivity measurement in 224 cellular networks and 2,181 WiFi networks through crowdsourced network scans, and (iii) experimental demonstration of effective denial-of-service attacks against mobile open ports.

UR - https://www.scopus.com/pages/publications/85069971262

U2 - 10.14722/ndss.2019.23171

DO - 10.14722/ndss.2019.23171

M3 - Conference paper (refereed)

AN - SCOPUS:85069971262

BT - Proceedings: 2019 Network and Distributed Systems Security Symposium

PB - Internet Society

T2 - Network and Distributed Systems Security (NDSS) Symposium 2019

Y2 - 24 February 2019 through 27 February 2019

ER -

Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment

Abstract

Conference

Bibliographical note

Funding

Access to Document

Other files and links

Fingerprint

Cite this