In this paper we present a novel and general attack method on ARM-based computing platforms. Our attack deploys the principles of return-oriented programming (ROP). However, in contrast to conventional ROP, our attack exploits jumps instead of return addresses, and hence it can circumvent return address checkers. We show that our attack is Turing-complete and can induce arbitrary change of behavior in running programs without any code injection. We instantiate our attack method on the Android platform. We present an attack example that succeeds to send unauthorized text messages (SMS) and phone calls to high-cost numbers from a user’s device. To achieve this result, our attack (i) modifies program behavior without code injection, and (ii) abuses permissions assigned to an application.
%0 Report
%1 DDSW2010a
%A Davi, Lucas
%A Dmitrienko, Alexandra
%A Sadeghi, Ahmad-Reza
%A Winandy, Marcel
%D 2010
%K Technical-Reports myown
%N HGI-TR-2010-002
%T Return-Oriented Programming without Returns on ARM
%X In this paper we present a novel and general attack method on ARM-based computing platforms. Our attack deploys the principles of return-oriented programming (ROP). However, in contrast to conventional ROP, our attack exploits jumps instead of return addresses, and hence it can circumvent return address checkers. We show that our attack is Turing-complete and can induce arbitrary change of behavior in running programs without any code injection. We instantiate our attack method on the Android platform. We present an attack example that succeeds to send unauthorized text messages (SMS) and phone calls to high-cost numbers from a user’s device. To achieve this result, our attack (i) modifies program behavior without code injection, and (ii) abuses permissions assigned to an application.
@techreport{DDSW2010a,
abstract = {In this paper we present a novel and general attack method on ARM-based computing platforms. Our attack deploys the principles of return-oriented programming (ROP). However, in contrast to conventional ROP, our attack exploits jumps instead of return addresses, and hence it can circumvent return address checkers. We show that our attack is Turing-complete and can induce arbitrary change of behavior in running programs without any code injection. We instantiate our attack method on the Android platform. We present an attack example that succeeds to send unauthorized text messages (SMS) and phone calls to high-cost numbers from a user’s device. To achieve this result, our attack (i) modifies program behavior without code injection, and (ii) abuses permissions assigned to an application.},
added-at = {2020-05-03T20:09:10.000+0200},
author = {Davi, Lucas and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza and Winandy, Marcel},
biburl = {https://www.bibsonomy.org/bibtex/2b1e6a66e59beb41961049ed6536938d7/sssgroup},
howpublished = {\url{http://www.trust.rub.de/media/trust/veroeffentlichungen/2010/07/21/ROP-without-Returns-on-ARM.pdf}},
institution = {Ruhr-University Bochum, System Security Lab},
interhash = {f103be6da1e3b08f28c9d84b7789448b},
intrahash = {b1e6a66e59beb41961049ed6536938d7},
keywords = {Technical-Reports myown},
month = {April},
number = {HGI-TR-2010-002},
pdf = {https://se2.informatik.uni-wuerzburg.de/publications/download/paper/1529.pdf},
timestamp = {2022-12-20T00:45:21.000+0100},
title = {Return-Oriented Programming without Returns on ARM},
year = 2010
}