Check Point Press Releases

Media Alert: Check Point Researchers Uncover Potential Next Generation Android Attacks

The Binder Exposes Android Devices to Data and Information Leaks

San Carlos, CA  —  Thu, 16 Oct 2014

Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today released new research entitled “Man in the Binder: He Who Controls the IPC, Controls the Droid.” The study of Android’s unique operating system (OS) architecture showed the potential capture of data and information being stored and communicated on Android devices through the Binder, the message passing mechanism in Inter-process Communication (IPC).

Researchers in Check Point’s Malware and Vulnerability Research Group uncovered that as the single point of communication, the Binder is a natural target for Android malware. In a typical OS, a process will hold dozens of handles for the system’s hardware: hard disk, display adapter, network card, etc. Due to Android’s OS architecture, a process can achieve the same tasks, controlling all of an application’s interactions through the Binder. Data communicated over the Binder can be captured, and Check Point’s research demonstrated the ability to intercept sensitive details such as keyboard, in-app and SMS data.

“Through our Man in the Binder research, we noted several architectural concepts in Android’s unique OS architecture. Specifically, we discuss the data communication capabilities the IPC provides in Android devices,” said Nitay Artenstein, security researcher at Check Point Software Technologies. “The Binder can become the new frontier of mobile malware attacks; its greatest value for attackers is the lack of widespread awareness on its role in the Android OS. Our hope is that with this research, the security and development communities will be better equipped to protect and secure the data going through the Binder.”

Key Findings:

  • Man in the Binder uncovers the role of the Binder, a message-passing mechanism for Android devices.
  • Through in-depth research on the Binder’s central role in Android OS architecture, Check Point demonstrated that information sent and received through applications on a device, including those that are secured through two-factor authentication, encryption lines, and other security measures, can be intercepted.
  • Examples of data intercepted via the Binder in this research included device keyboard input, in-application activities such as banking transactions, and SMS messages.
  • Check Point is highlighting the potential for new Android malware, and encourages security professionals and Android developers alike take note and collaborate on the issue, as well as research new protection mechanisms.

Check Point will present the Man in the Binder research findings at Black Hat Europe on Thursday, October 16, 2014 at 11:45AM CEST in The Amsterdam Rai, Netherlands. “Man in the Binder: He Who Controls IPC, Controls The Droid” will be presented by Check Point’s Nitay Artenstein, Security Researcher and Idan Revivo, Mobile Malware Researcher. For more details on the session, visit:

Check Point’s Malware and Vulnerability Research Groups regularly perform assessments of common software to ensure the security of Internet users worldwide. For more information on Man in the Binder and other research findings from Check Point, visit: /threatcloud-central/.

Follow Check Point via




About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (, the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point’s award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.


This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.