本三年期的計畫將針對近來攻擊者新開發的一種竊取個資的攻擊方法 (task hijacking) 及一種新的植入惡意app至智慧型手機的方法於Android系統上提出並實作出防禦的機制。在植入一智慧型手機後,為取得螢幕、鍵盤的控制權惡意app開發出各種不同的綁架手機螢幕、觸控鍵盤使用權的方法用以產生釣魚畫面進而偷取使用者的各種資料,如密碼、帳號,對話紀錄。task hijacking是近年攻擊者開發出的新的綁架智慧型手機螢幕、觸控鍵盤的方法。本計畫的前半期將針對Android系統設計、開發、並於Android Framework實作出一供app開發者保護其app免於遭受task hijacking的app保護系統。保護系統並不會完全中止一activity出現在其他app的back stack中的能力,而是根據app開發者的設定決定其他app的activity是否可出現在開發者的app的back stack,以保護該app免於遭受task hijacking攻擊。此外,不同於入侵桌機、或伺服器所採用的手法,現今入侵手機植入惡意程式所採用方法以社交工程為主,換言之就是以各種欺騙的方式,讓智慧型手機的使用者下載、安裝惡意app。然而最近的一些報告顯示,一種新的手法可讓攻擊者可以透過手機的micro USB接頭將惡意app經由adb送入一智慧型手機中。利用此手法,攻擊者可偽裝成免費或公共的智慧型手機電源,在智慧型手機的使用者接上偽裝的電源時植入、安裝惡意app。本三年期計畫的後半期將針對Android系統設計、開發、並實作出一能阻擋未經使用者授權透過micro USB下載、安裝app的 Android framework level 及 kernel level的防禦系統。 ;This 3-year project proposes a system on Android to protect Android against a new attack approach, task hijacking, which is using by attackers to steal important information from smartphone users. This project also proposes a system to protect a smartphone from installing malicious App through a newly developed approach. After being installed in an Android smartphone, some malicious Apps try to hijack the control of the touch screen and touch keyboard of the smartphone so that the Apps can create a phishing screen to cheat the user and obtain his important information, such as password, account information, and dialogue content. Task hijacking is a new approach that attackers use to hijack the control of the touch screen and touch keyboard of a smartphone. In the front period of this project, we will develop a framework level protection mechanism for Android App developers to protect their Apps against task hijacking attacks. Instead of disallowing any activity to appear in the back stack of another App, the proposed solution allows App developers to decide whether an activity of other App can appear in the back stacks of their App. Hence, App developers can protect their Apps against task hijacking. Besides, unlike compromising a host or a server, smartphone attackers usually utilize social engineering to install malicious Apps into a smartphone. However, recently reports show that through the micro-USB connector of a smartphone, attackers can use adb to install malicious Apps into the smartphone. Through this approach, an attacker can disguise his device as a public smartphone charger to attract victims to connect to it and install malicious Apps on smartphones connected to it. The rear period of this project plans to propose and implement a framework and kernel-level solution on Android to block unauthorized installations of Apps through adb.
