Abstract
To simplify the transfer of user data to a new device, all major smartphone manufacturers offer data migration ("phone clone") tools.
Despite the sensitivity of the involved data, the security of current-generation data migration tools has not been analyzed comprehensively.
In this paper, we systematically analyze state-of-the-art data migration tools from 7 major Android vendors (Google, Samsung, Vivo, Xiaomi, Oppo, Huawei, Honor) with a combined download count exceeding 12 billion. We identify generic attack scenarios, and check concrete apps for realizability of these scenarios based on a list of requirements. Our analysis uncovers severe security vulnerabilities in all tools that allow attackers within Wi-Fi range to eavesdrop on sensitive user data.
The eavesdropped data includes communication records, personal media and documents, and login credentials, effectively representing a sizable dump of a user's digital life. In practice, attackers can exploit these vulnerabilities by placing cheap equipment near places such as mobile carrier stores, where data migrations are typically done multiple times per day. Moreover, five tools are vulnerable to data injection attacks, allowing attackers within Wi-Fi range to achieve code execution on a freshly set-up device. Finally, three tools are also susceptible to data extraction or injection attacks from local attackers.
We responsibly disclosed our results to affected vendors, so far leading to seven CVEs, five of which are high-severity.
| Original language | English |
|---|---|
| Title | European Symposium on Research in Computer Security |
| Publisher | Springer |
| Publication status | Accepted/In press - 2026 |
Publication series
| Name | Lecture Notes in Computer Science |
|---|---|
| Publisher | Springer |
Fields of Expertise
- Information, Communication & Computing
Fingerprint
Explore the research topics of "Clone2Pwn: A Systematic Security Analysis of Data Migration Tools in the Android Ecosystem". Together they form a unique fingerprint.