Starting in 2013, Taiwan saw a dense series of fraud incidents in which malware compromised Android smartphones, hijacked the victim's SMS service, intercepted and automatically sent SMS authentication messages, and used micropayments to purchase game points. This study presents a detection and defense mechanism called RSDroid, implemented as a modification at the Android system framework level. Its core idea is to detect Abort and Delete events on SMS messages as they arrive on the phone, and to block outgoing SMS messages whose number and content were not entered by the user. It thereby detects and defends against malware that intercepts and automatically sends micropayment authentication messages, protecting users from financial loss.

In Taiwan, starting from 2013, there have been many SMS scams that exploit the micropayment authentication vulnerability. A victim's Android phone is compromised, and the malicious app takes over the SMS service. The malicious app intercepts the incoming authentication SMS and sends text messages without the victim's knowledge. The attacker completes the micropayment, but the victim pays the bill. In this paper, we propose an Android framework-level solution named RSDroid. It inspects all incoming SMS messages. Once a malicious app intercepts an SMS, RSDroid warns the user. RSDroid also monitors all outgoing SMS messages. It records user input, and when an SMS is sent, it compares the destination number and content with the user input log. It warns the user if they are not consistent. RSDroid detects malicious apps intercepting SMS messages and prevents malicious apps from sending SMS messages without user input, thereby protecting users from micropayment scams.
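The outgoing-SMS consistency check described in the abstract can be modelled as follows. This is an added example, not RSDroid's code: the `InputLog` class, the 120-second window, the normalization rules and the sample numbers are all assumptions made for illustration, and it assumes the user typed both the number and the message.

```python
import re
import time
from collections import deque

def _as_number(s):
    # Treat a string as a phone number only if it holds nothing but dialing
    # characters, so digits inside a typed message never match a destination.
    s = s.strip()
    return re.sub(r"\D", "", s) if re.fullmatch(r"[+\d\s()\-]+", s) else None

def _as_text(s):
    # Collapse whitespace so incidental spacing does not cause a mismatch.
    return " ".join(s.split())

class InputLog:
    """Rolling log of text the user typed (hypothetical structure)."""
    def __init__(self, window_s=120, maxlen=200):
        self.window_s = window_s
        self.events = deque(maxlen=maxlen)

    def record(self, text, now=None):
        self.events.append((time.time() if now is None else now, text))

    def recent(self, now):
        # Only input inside the time window counts as evidence of intent.
        return [t for ts, t in self.events if 0 <= now - ts <= self.window_s]

def check_outgoing(log, dest, body, now=None):
    """Return (allowed, reason). An SMS is allowed only when both its
    destination and its content match recent user input."""
    now = time.time() if now is None else now
    typed = log.recent(now)
    dest_n, body_n = _as_number(dest), _as_text(body)
    dest_ok = bool(dest_n) and any(_as_number(t) == dest_n for t in typed)
    body_ok = bool(body_n) and any(_as_text(t) == body_n for t in typed)
    if dest_ok and body_ok:
        return True, "consistent with user input"
    missing = [n for n, ok in (("destination", dest_ok), ("content", body_ok))
               if not ok]
    return False, "no matching user input for " + " and ".join(missing)

if __name__ == "__main__":
    log = InputLog()
    log.record("0912-345-678", now=1000)   # constructed sample input
    log.record("See you at 7", now=1010)   # constructed sample input
    print(check_outgoing(log, "0912345678", "See you at 7", now=1020))
    print(check_outgoing(log, "55123", "OK 839201", now=1020))
```

A send that reuses a user-typed number with content the user never typed is still flagged, because both fields must match independently.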