Volume 7 - Issue 4
Open Sesame! Design and Implementation of Backdoor to Secretly Unlock Android Devices
- Junsung Cho
Sungkyunkwan University, Republic of Korea
js.cho@skku.edu
- Geumhwan Cho
Sungkyunkwan University, Republic of Korea
geumhwan@skku.edu
- Sangwon Hyun
Sungkyunkwan University, Republic of Korea
swhyun77@skku.edu
- Hyoungshick Kim
Sungkyunkwan University, Republic of Korea
hyoung@skku.edu
Keywords: Android, Malware, Backdoor, Firebase
Abstract
This paper presents a practical design of backdoor to permanently bypass the screen lock mechanisms
on Android devices. Our design has many advantages such as difficulty in detecting backdoor, fast
execution time and low power consumption. The key feature of our backdoor is remote triggering
that allows the backdoor to be temporarily triggered and executed through push notification services
also used by many normal applications. Furthermore, in our proof-of-concept backdoor, about 98%
of 4-digit PINs and screen lock patterns were cracked within 5 seconds, and only a small amount
of power was consumed. We show the stealthiness of our backdoor to effectively evade the existing
malware detection tools (55 anti-virus scanners provided by VirusTotal and SandDroid).