SIDEWINDER TARGETED ATTACK AGAINST ANDROID IN THE GOLDEN AGE OF AD LIBRARIES
Although little malware has been found in Google Play, both Android apps and the Android system itself contain vulnerabilities. Aggressive ad libraries also leak the user’s private information. By leveraging all these vulnerabilities, an attacker can conduct more targeted attacks, which we call “Sidewinder Targeted Attacks.”
In this paper we explain the security risks from such attacks, in which an attacker can intercept and use private information uploaded from ad libraries to precisely locate targeted areas such as a CEO’s office or specific conference rooms. When the target is identified, a “Sidewinder Targeted Attack” exploits popular vulnerabilities in ad libraries, such as Javascript-binding-over-HTTP or dynamicloading-over-HTTP, etc.
This research provides a look into how the Sidewinder Targeted Attack allows threat actors to take over Android devices to track location, take photos, send texts, and more via the ads libraries Android apps are built on.