| dc.description.abstract | The convenience, connectivity, and popularity of computers allow a malicious user to utilize various approaches to compromise hosts which can be further organized into Botnets to illegally obtain financial gains or sensitive information. Along with the tread that more and more users use mobile devices to communicate with friends or play on-line games, mobile devices, such as smartphones, have become an indispensible part of many persons’ everyday life. Therefore, the functionality of mobile devices becomes more powerful and the structures of them become more complex, which makes them look like personal computer miniatures. However, attackers may abuse these powerful and diverse functions to impair the owner of a mobile device. Hence mobile devices are under the threats of not only some of the traditional desktop attack types but also new attack types.
Due to the trend that more and more web services, such as Google, Facebook and many auction websites, require users to open their new accounts or to login to their accounts through cell-phone-verification, cell-phone-verification has become an important function of cellular phones. However, research in our work shows that cell-phone-verification is not always reliable. This study proposes a new attack method named MAC-YURI (My ACcount, YoUr ResponsIbility) against cell-phone-verification to show one possible abuse of smartphones to people. Through MAC-YURI, an attacker can utilize a compromised smartphone as a steppingstone to accept and forward account verification code to finish the cell-phone-verification when applying a new account or logging in to an account. This paper describes the attack models of MAC-YURI. MAC-YURI uses the built-in functionality of a smartphone, such as receiving and sending short messages, to launch attacks in a stealthy way. We implemented MAC-YURI on an Android smartphone. Experimental results show that MAC-YURI can successfully assist an attacker in obtaining the verification code of an account without the awareness of a steppingstone smartphone owner. Besides, the power consumption introduced by MAC-YURI is low. Finally, this paper proposes some methods to protect a smart-phone against MAC-YURI.
| en_US |