| 摘要: | 隨著智慧型手機的進步以及其計算能力越來越強,簡訊(Short Message Service, SMS)除了一般通訊聯絡,近年來更是被許多應用服務拿來進行消息通知或是身分驗證。例如,社群網站的註冊、銀行消費通知,或是手機小額付款的驗證程序。然而,隨著簡訊扮演的角色越來越重要,就越是會成為惡意軟體作者的攻擊目標。在各種智慧型手機的作業系統中,~Google~的~Android~因為其開放平台以及完善的開發環境,在全球占有最多的用戶;然而,卻也讓~Android~成為惡意軟體的最大宗攻擊平台。本篇論文針對簡訊的資安隱憂,即惡意程式可能在使用者不知情的情況下就將簡訊刪除,導致手機預設的簡訊程式(\msging{})無法收到簡訊的情況,設計出一個簡訊監控系統稱為~\emph{MakaDroid}~。~\emph{MakaDroid}~主要分成兩部分:框架層級(Android Framework)和應用層級(Android Application)。我們首先在框架層中加入檢查的程式碼,確保我們在應用層的~\textsf{Maka App}~服務會第一個收到簡訊,而不會被其他接收者攔截;另外,更在簡訊廣播被終止(Abort),或是簡訊資料從~\msging{}~的資料庫被刪除(Delete)時,能夠通知~\textsf{Maka App}~並且跳出警告視窗給使用者。我們收集了已知的惡意程式來進行驗證,而因為不會有接收者搶在我們的~app~之前收到簡訊,並且系統在可疑的信件刪除時都會回報~\textsf{Maka App}~,因此我們能準確地記錄到所有的簡訊刪除事件。
In recent years, the advances of smartphones for their powerful capability have made the functionality of SMS (Short Message Service) diverse. Apart from the daily life communication, SMS is also used for notification or identity authentication by several application services. For example, the social network registration, the banking transaction notification, and the mobile payment verification. However, the more important role SMS plays, the more attractive target the malware programmers focus on. Among various smartphone operating systems, due to the openness and healthy development environment, Google's Andorid has the largest market share, which leads to the prime target platform of malware. This thesis focuses on the SMS security of those messages deleted without users' consent, and has implemented an SMS-monitoring framework called \emph{MakaDroid} to keep track of every received SMS messages. \emph{MakaDroid} can be divided into two parts: Android Framework and Android Application. In the Framework layer, we adds a few lines of monitoring code, and then our application, \textsf{Maka App}, in the applicaion level is responsible for receiving system-wide broadcasts, including the customized SMS-monitoring events. In order to keep track of each incoming SMS message, \textsf{Maka App} is guaranteed to be the first recipient to receive the message, and if a suspicious SMS message dropping happens, \textsf{Maka App} will record the event followed by a warning to the mobile user. In our evaluation, we have tested eight real-world malware samples and two PoC programs, and our solution accurately detected all of the malicious messages dropping behaviors. |
