A fuzzing test for dynamic vulnerability detection on Android Binder mechanism

Binder, which helps to package the functional codes of system processes into inter-process invocable interfaces for application-level processes, is the core mechanism to implement the Inter-Process Communication(IPC) in Android. This paper, for the first time, attempts to study the system-level security properties of this mechanism. The universal injection interface and the model of IPC data are proposed to implement a fuzzing test. A test case generation technique based on mutation algorithm of pre-captured IPC data is introduced in order to improve the fuzzing test efficiency. Two high-risk vulnerabilities are detected in Android 5.1.0. Analysis of these vulnerabilities highlights a critical design issue in the system services of Binder mechanism.