Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android


Today’s smartphones can be armed with many types of external devices, such as medical devices and credit card readers, that enrich their functionality and enable them to be used in application domains such as healthcare and retail. This new development comes with new security and privacy challenges. Existing phone-based operating systems, Android in particular, are not ready for protecting authorized use of these external devices: indeed, any app on an Android phone that acquires permission to utilize communication channels like Bluetooth and Near Field Communications is automatically given the access to devices communicating with the phone on these channels.

Proceedings of the 21st Network and Distributed System Security Symposium (NDSS ‘14). Acceptance rate=18.6% (55/295);