在2015年出現的task hijacking攻擊方法,直到最近的Android7.1.2版本都還存在task hijacking的問題。它不需要任何權限就可以進行釣魚攻擊、denial-of-service攻擊等等。惡意程式利用Androidmultitasking的正常功能與目標程式共用同一個task進行攻擊而不是使用系統漏洞。先前的研究對於task hijacking的防禦方法皆為偵測activity的啟動行為。為了能夠完全的解決task hijacking,本篇論文設計了一項新的機制稱作AffinityGuard,開發者可以自行決定是否允許第三方的應用程式共用同一個Task以及使用白名單自行設定允許的應用程式。在activity啟動時AffinityGuard進行檢測,如果發現非法共用Task時馬上將惡意程式抵擋。AffinityGuard能夠完全的阻擋task hijacking攻擊,而且不會影響Android multitasking的功能。本文也分析了大量應用程式,了解AffinityGuard影響一般應用程式的使用程度非常小。;Task hijacking has appeared in the 2015 year but this problem stillexists in Android version 7.1.2 recent years. An attacker can use task hi-jacking to do phishing attack, denial-of-service attack without any permis-sion. The problem of task hijacking is that powerful functions of Androidmultitasking, so malware can share the same task with the victim app.Previous researches’ solutions about defense mechanisms of task hi-jacking are detecting activity attribute and the relation between each activity. We design a new mechanism called AffinityGuard to solve this problem totally. Developers can choose whether to share the same task with a third-party application or not and also add new apps to whitelists.AffinityGuard will protect apps in the launching of the activity. If the activity shares the same task with the victim app illegally, AffinityGuard will stop malicious app to share the task with the victim app.AffinityGuard can completely prevent task hijacking without impact-ing Android multitasking system. We also analyzed a large number apps from google play and Understand that AffinityGuard affects the usage ofAndroid multitasking of general apps is very small.
