revention of Malware Installation in Dedicated Devices Built on General-Purpose Execution Environments

Doyeon Kim, Jione Choi, Kiseok Jeon, Wonjun Lee, Junghee Lee

http://doi.org/10.5626/JOK.2025.52.5.444

With digitalization of various industries, the demand for dedicated devices is increasing. Dedicated devices, such as digital banking branches, medical tablets, and educational tablets, are designed to perform specific tasks. Since they only run designated applications, they are them more secure with minimal the attack surface. Most of these devices are built on general-purpose execution environments like Android. Thus, they offer ease of development, usability, and high availability, contributing to their widespread adoption. At the same time, they may introduce new security vulnerabilities, necessitating security measures tailored to dedicated devices. This study analyed the vulnerabilities of dedicated devices operating in a general-purpose execution environment, evaluated the potential for vulnerabilities that could lead to malware installation, and proposed countermeasures. This research assumes that attackers do not have physical access to the device and that end users do not engage in malicious activities. The widely used Android environment was selected. Ten methods by which an attacker could remotely install malware on a Lenovo P11 device were identified. To mitigate these threats, a security mechanism optimized for dedicated devices was designed by implementing SELinux policies and installing a file integrity verification program.