Abstract (English) |
In recent years, increasingly capable smartphones have diversified the uses of SMS (Short Message Service). Apart from daily communication, SMS is also used for notification or identity authentication by several application services, for example social network registration, banking transaction notification, and mobile payment verification. However, the more important the role SMS plays, the more attractive a target it becomes for malware programmers. Among the various smartphone operating systems, Google’s Android has the largest market share thanks to its openness and healthy development environment, which makes it the prime target platform for malware. This thesis focuses on the security of SMS messages that are deleted without the user’s consent, and implements an SMS-monitoring framework called MakaDroid that keeps track of every received SMS message. MakaDroid is divided into two parts: Android Framework and Android Application. In the Framework layer, we add a few lines of monitoring code; at the application level, our application, Maka App, is responsible for receiving system-wide broadcasts, including the customized SMS-monitoring events. To keep track of each incoming SMS message, Maka App is guaranteed to be the first recipient of the message, and if a suspicious SMS message drop occurs, Maka App records the event and then warns the mobile user. In our evaluation, we tested eight real-world malware samples and two PoC programs, and our solution accurately detected all of the malicious message-dropping behaviors. |