We have just published online information about our new seminar on Tool-based approaches to Software Security which we will be having this summer.
Over the past few years, we have developed and open-sourced a whole range of program-analysis tools surrounding the Soot framework. Are you using Soot or any related tools?
Then please let us know by briefly filling out this form. It will not even take a minute!
This will help us when applying for money from funding agencies and will help you help us keep up the level of support that you have provided so far.
Many thanks in advance!
The Deutsche Forschungsgemeinschaft (DFG) has awarded Eric Bodden the Heinz Maier-Leibnitz Prize 2014. The Heinz Maier-Leibnitz Prize, named after the physicist and former president of the DFG, is a distinction for young researchers and provides further incentive for excellent achievements in their research work. Every year, up to 10 researchers in Germany are awarded this prize.
More information is available here (in German).
Together with their colleague Stephan Huber from Fraunhofer SIT, Steven Arzt and Siegfried Rasthofer from the SSE group discovered a security issue present in all current versions of Android. As Google has now confirmed, the attack vector allows an attacker to block the future installation of arbitrary Android apps of the attacker's choosing. For instance, it can be used to block the installation of the Facebook app for basically the entire lifetime of the mobile device, until a factory reset has been performed or the issue is fixed manually. The manual fix, however, requires root access to the device and some expertise in the Android OS. Update: The attack itself requires no root access.
We tested the attack on Android versions 4.x and 2.3.6. It is likely, though, that this attack affects ALL Android versions. We wish to note that this vulnerability was discovered under lab conditions, and that there is currently no indication that the vulnerability is being exploited in the wild.
We are currently in contact with the Android security team to fix this problem. A detailed explanation of the attack will be published after a fix is available.