Publication

Abstract : Sensors play a vital role in the smartphone for sensing-enabled mobile activities and applications. Different sources, like mobile applications and websites, access the sensors and use them for various purposes. The user needs permission to access the permission-imposed sensors. Using the generic sensor application programming interface, the user can access the no-permission-imposed sensors directly without any permission. Attackers target these sensors and make the smartphones vulnerable at the application, device and network levels. The attackers access the sensor’s information and use it for different purposes like personal identification number identification and user personal information theft. This paper presents STMAD, a novel allowlist-based intrusion prevention system to mitigate sensor-based threats on smartphones by detecting malicious access of an attacker through different channels. STMAD functions as a lightweight preventive mechanism for all sensors on the smartphone and preventing attackers from accessing sensors maliciously. The experimental results show that the proposed defense mechanism is more efficient and consumes minimal overhead. An informal security analysis also proved that the STMAD protects against various attacks.