Beyond Conventional Triggers: Auto-Contextualized Covert Triggers for Android Logic Bombs
Ye Wang
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Systems Security
Logic bombs -- malicious code that remains dormant until specific trigger conditions are met -- have largely fallen off the security research radar as detection tools like static analysis and dynamic fuzzing improved. This talk from the University of Kansas challenges that complacency by introducing **auto-contextualized sensor-based logic bombs** that simultaneously evade **static analysis**, **dynamic fuzzing**, and **anomaly detection**. By leveraging onboard **sensor-actuator covert channels** (e.g., vibration motor to accelerometer, camera flash to light sensor), the researchers achieve **100% evasion** against the state-of-the-art logic bomb detector **Diffuser**, **100% attack success rate** in static usage scenarios, and **zero false triggers**. They successfully injected triggers into **1,400 APKs** at scale and built three working prototypes demonstrating real-world viability.
AI review
An impressive offensive research contribution that demonstrates auto-contextualized Android logic bombs achieving 100% evasion against static analysis, dynamic fuzzing, and anomaly detection simultaneously. The use of onboard sensor-actuator covert channels (vibration-accelerometer, flash-light sensor) for controlled trigger delivery is creative and practical. Three working prototypes, large-scale injection into 1,400 APKs, and 100% attack success rate with zero false triggers make this a real threat, not a theoretical exercise.